Oracle Forms and Reports Remote Code Execution
Disclosed | Created |
---|---|
2014-01-15 | 2018-05-30 |
Description
This module chains two vulnerabilities in Oracle Forms and Reports to get remote code execution
on the host. The showenv URL can be used to disclose information about a server. A second
vulnerability, which allows arbitrary reading and writing on the host filesystem, can then be
used to write a shell fetched from a remote URL to a known local path disclosed by the first
vulnerability.
Because that local path is also reachable through a URL, an attacker can then execute code
remotely using, for example, a .jsp shell.
This module was tested successfully on Windows and Oracle Forms and Reports 10.1.
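A log check for the request sequence described above, added here as an example (it is not part of the module or of this page's original content): it flags clients that fetch a showenv URL and then successfully request a .jsp file shortly afterwards. The common log format, the 15-minute window, the `baseline` parameter and every path and address in the sample are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in common log format; every address, path and
# file name below is a placeholder, not a value from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jan/2014:10:00:01 +0000] "GET /EXAMPLE-APP/showenv HTTP/1.1" 200 5120
198.51.100.4 - - [15/Jan/2014:10:00:30 +0000] "GET /EXAMPLE-APP/index.jsp HTTP/1.1" 200 900
203.0.113.7 - - [15/Jan/2014:10:02:10 +0000] "GET /EXAMPLE-APP/images/a1b2c3.jsp HTTP/1.1" 200 12
192.0.2.9 - - [15/Jan/2014:10:03:00 +0000] "GET /EXAMPLE-APP/SHOWENV?x=1 HTTP/1.1" 200 5120
192.0.2.9 - - [15/Jan/2014:11:30:00 +0000] "GET /EXAMPLE-APP/help.jsp HTTP/1.1" 200 700
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_showenv_then_jsp(log_text, window=timedelta(minutes=15), baseline=()):
    """Return (ip, showenv_path, jsp_path) for every successful .jsp request
    that follows a successful showenv request from the same client within
    `window`. `baseline` lists .jsp paths known to belong to the application."""
    last_showenv = {}  # client ip -> (time, path) of its latest showenv hit
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue  # unparsable line, or the request did not succeed
        ip = m["ip"]
        path = m["path"].split("?", 1)[0]  # ignore the query string
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if "showenv" in path.lower():
            last_showenv[ip] = (when, path)
        elif path.lower().endswith(".jsp") and path not in baseline:
            prior = last_showenv.get(ip)
            if prior and when - prior[0] <= window:
                alerts.append((ip, prior[1], path))
    return alerts

if __name__ == "__main__":
    for alert in find_showenv_then_jsp(SAMPLE_LOG):
        print("review:", *alert)
```

Passing the application's legitimate .jsp paths as `baseline` keeps ordinary browsing after a showenv request from being flagged.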
Authors
miss_sudo security@netinfiltration.com
Mekanismen mattias@gotroot.eu
Platform
Linux,Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
