CVE-2022-21587 PoC — Oracle E-Business Suite 访问控制错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-21587.yaml

Associated Vulnerability

Title:Oracle E-Business Suite 访问控制错误漏洞 (CVE-2022-21587)
Description:Oracle E-Business Suite（电子商务套件）是美国甲骨文（Oracle）公司的一套全面集成式的全球业务管理软件。该软件提供了客户关系管理、服务管理、财务管理等功能。 Oracle E-Business Suite 的 Oracle Web Applications Desktop Integrator 12.2.3-12.2.11 版本存在安全漏洞。未经身份验证的攻击者通过 HTTP 进行网络访问，从而破坏 Oracle Web Applications Desktop Integrat

Description

Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

File Snapshot


 id: CVE-2022-21587

info:
  name: Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution
  

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!