Full title: Oracle Forms / Reports Remote Code Execution Exploit
Category: remote exploits
Operating system: windows

This Metasploit module uses two vulnerabilities in Oracle Forms and Reports to get remote code execution on the host. The showenv URL can be used to disclose information about a server. A second vulnerability, which allows arbitrary reading and writing to the host filesystem, can then be used to write a shell from a remote URL to a known local path disclosed by the first vulnerability. Because that local path is accessible from a URL, remote code execution is then possible using, for example, a .jsp shell. Tested on Windows and Oracle Forms and Reports 10.1.

# 0day.today @ http://0day.today/