Vulnerability & Exploit Database

Back to search

Oracle ATS Arbitrary File Upload

This module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/multi/http/oracle_ats_file_upload

Authors

  • Zhou Yu
  • wvu <wvu [at] metasploit.com>

References

Targets

  • OATS <= 12.4.0.2.0 (Windows)
  • OATS <= 12.4.0.2.0 (Linux)

Platforms

  • windows
  • linux

Architectures

  • java

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/http/oracle_ats_file_upload msf exploit(oracle_ats_file_upload) > show targets ...targets... msf exploit(oracle_ats_file_upload) > set TARGET <target-id> msf exploit(oracle_ats_file_upload) > show options ...show and set options... msf exploit(oracle_ats_file_upload) > exploit