Oracle Event Processing FileUploadServlet Arbitrary File Upload Exploit - vulnerability warning - the black bar safety net

2014-07-09T00:00:00
ID MYHACK58:62201451068
Type myhack58
Reporter Anonymous
Modified 2014-07-09T00:00:00

Description

# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  # Mixins: HTTP client, executable generation, WbemExec (MOF) delivery,
  # and cleanup tracking for dropped files.
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::EXE
  include Msf::Exploit::WbemExec
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Oracle Event Processing FileUploadServlet Arbitrary File Upload',
      'Description' => %q{
        This module exploits an arbitrary file upload vulnerability in Oracle Event Processing
        11.1.1.7.0. The FileUploadServlet component, which requires no authentication, can be
        abused to upload a malicious file onto an arbitrary location due to a directory traversal
        flaw, and compromise the server. By default Oracle Event Processing uses a Jetty
        Application Server without JSP support, which limits the attack to WbemExec. The current
        WbemExec technique only requires arbitrary write to the file system, but at the moment the
        module only supports Windows 2003 SP2 or older.
      },
      'License'     => MSF_LICENSE,
      'Author'      =>
        [
          'rgod <rgod[at]autistici.org>', # Vulnerability Discovery
          'juan vazquez' # Metasploit module
        ],
      'References'  =>

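The directory traversal flaw named in the module description is closed on the server side by resolving the client-supplied file name against the upload directory and rejecting anything that lands outside it. The Ruby code below is an added example, not part of the Metasploit module or of Oracle's code; resolve_upload_path, upload_name_allowed?, the /srv/uploads root and the sample names are hypothetical.

```ruby
require 'pathname'

class UnsafeUploadName < StandardError; end

# Hypothetical helper: map a client-supplied (already URL-decoded) upload name
# to a path strictly inside upload_root, or raise UnsafeUploadName.
# The check is lexical; it does not follow symlinks below the upload root.
def resolve_upload_path(upload_root, client_name)
  raise UnsafeUploadName, 'empty name' if client_name.nil? || client_name.empty?
  raise UnsafeUploadName, 'NUL byte in name' if client_name.include?("\0")

  # Treat "\" as a separator too, since the server described above runs on Windows.
  name = client_name.gsub('\\', '/')
  if name.start_with?('/') || name.match?(/\A[A-Za-z]:/)
    raise UnsafeUploadName, 'absolute or drive-qualified path'
  end

  root = Pathname.new(upload_root).cleanpath.to_s
  candidate = Pathname.new(File.join(root, name)).cleanpath.to_s
  # Compare against root plus a separator so a sibling such as
  # "/srv/uploads-old" does not pass a bare prefix match.
  unless candidate.start_with?(root + '/')
    raise UnsafeUploadName, "resolves outside #{root}"
  end
  candidate
end

# Boolean wrapper for callers that only need an accept/reject decision.
def upload_name_allowed?(upload_root, client_name)
  resolve_upload_path(upload_root, client_name)
  true
rescue UnsafeUploadName
  false
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample names, not taken from the module or from real traffic.
  samples = ['report.csv', 'a/../b.txt', '../../conf/x', '..\\..\\x.txt', 'C:\\x', '.']
  samples.each do |n|
    verdict = upload_name_allowed?('/srv/uploads', n) ? 'accept' : 'reject'
    puts format('%-16s %s', n, verdict)
  end
end
```

The same decision belongs in the servlet before any bytes are written, and the rejected names are worth logging as an indicator of probing.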