Exploit Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services - Unauthorized Form Execution

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
26013
Проверка EDB
  1. Пройдено
Автор
ALEXANDER KORNBRUST
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
N/A
Дата публикации
2005-07-19
Код:
source: https://www.securityfocus.com/bid/14319/info

Oracle Forms Services is susceptible to an unauthorized form execution vulnerability.

Attackers may exploit this vulnerability to execute arbitrary commands with the privileges of the Oracle account under which the server is executing.

It should be noted that this issue may be remotely exploited if an attacker has means to write files to the serving computer (WebDAV, FTP, CIFS, etc.) without local access. 

http://www.example.com:7779/forms90/f90servlet?form=/public/johndoe/hacker.fmx
http://www.example.com:7779/forms90/f90servlet?module=/tmp/hacker.fmx
 
Источник
www.exploit-db.com

Похожие темы