Commit c207d14

Update description
1 parent 1acd5e7 commit c207d14

1 file changed, +6 -6 lines changed

modules/exploits/windows/http/oracle_event_processing_upload.rb

Lines changed: 6 additions & 6 deletions
@@ -18,12 +18,12 @@ def initialize(info = {})
1818
'Name' => 'Oracle Event Processing FileUploadServlet Arbitrary File Upload',
1919
'Description' => %q{
2020
This module exploits an Arbitrary File Upload vulnerability in Oracle Event Processing
21-
11.1.1.7.0. The vulnerability exists in the FileUploadServlet, where an arbitrary file
22-
can be uploaded without authentication, and due to a directory traversal, to an arbitrary
23-
location. By default Oracle Event Processing uses a Jetty Application Server with JSP
24-
support not configured. Because of it, this module only targets Windows 2003 SP2, where
25-
the WMI service can be abused to convert the file upload into remote code execution without
26-
user interaction.
21+
11.1.1.7.0. The FileUploadServlet component, which requires no authentication, can be
22+
abused to upload a malicious file onto an arbitrary location due to a directory traversal
23+
flaw, and compromise the server. By default Oracle Event Processing uses a Jetty
24+
Application Server without JSP support, which limits the attack to WbemExec. The current
25+
WbemExec technique only requires arbitrary write to the file system, but at the moment the
26+
module only supports Windows 2003 SP2 or older.
2727
},
2828
'License' => MSF_LICENSE,
2929
'Author' =>
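
Review bot: In the added description lines (new lines 24-26), "WbemExec" is introduced without saying what it is, whereas the removed text explained that the WMI service is abused to turn the file upload into remote code execution without user interaction. Keep a short clause to that effect, for example "the WbemExec technique, which abuses the WMI service", so the description stands on its own for readers who do not know the term. Also, "Windows 2003 SP2 or older" widens the removed wording "only targets Windows 2003 SP2"; confirm it matches the module's target list, which is not part of this hunk. Two wording points: "onto an arbitrary location" reads better as "to an arbitrary location", and the trailing "and compromise the server" has no clear subject in that sentence.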
