CVE-2022-21587 PoC — Oracle E-Business Suite 访问控制错误漏洞

Source

https://github.com/hieuminhnv/CVE-2022-21587-POC

Associated Vulnerability

Title:Oracle E-Business Suite 访问控制错误漏洞 (CVE-2022-21587)
Description:Oracle E-Business Suite（电子商务套件）是美国甲骨文（Oracle）公司的一套全面集成式的全球业务管理软件。该软件提供了客户关系管理、服务管理、财务管理等功能。 Oracle E-Business Suite 的 Oracle Web Applications Desktop Integrator 12.2.3-12.2.11 版本存在安全漏洞。未经身份验证的攻击者通过 HTTP 进行网络访问，从而破坏 Oracle Web Applications Desktop Integrat

Description

CVE-2022-21587 POC

Readme

# CVE-2022-21587-POC-
CVE-2022-21587 POC 

```
file exploit.py will overwrite to file .pl (not recommended for use, will affect the system) 
file EBS not overwrite, will create a new shell file
```

install slipit:
      git clone https://github.com/usdAG/slipit
      
      cd slipit

      python3 setup.py sdist

      pip3 install --user dist/*

      export PATH=/home/yourname/.local/bin:$PATH
   

install uuencode:
  sudo apt-get install sharutils

Exploit: python3 http|https://example.com

File Snapshot


 [4.0K]  /data/pocs/f81441d8e6ef9cb01e34492426ff44d60890c08b
├── [1.8K]  EBS_N_Overwrite.py
├── [1.5K]  exploit.py
└── [ 500]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!