By kannthu
The "Oracle EBS - SQL Log Disclosure" module is designed to detect a vulnerability in Oracle E-Business Suite (EBS) that exposes sensitive SQL logs. This module targets Oracle EBS, a popular enterprise resource planning (ERP) software used by organizations.
This module has a severity level of medium.
If this vulnerability is exploited, an attacker can gain access to sensitive SQL logs, which may contain valuable information such as database credentials, user details, or other sensitive data. This can lead to unauthorized access, data breaches, or further exploitation of the system.
The "Oracle EBS - SQL Log Disclosure" module works by sending an HTTP GET request to the "/OA_HTML/bin/sqlnet.log" path. It then applies several matching conditions to determine if the vulnerability is present:
- The response body must contain the words "DESCRIPTION=" and "USER=".
- The response header must have the content type "text/plain".
- The HTTP status code must be 200.

If all the matching conditions are met, the module reports the vulnerability.
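The three matching conditions above, applied to captured responses, as an added example that is not Vidoc's own module code. The `Response` container, the function names and the sample responses are constructed for illustration, and the content-type check is assumed to compare the media type while ignoring parameters such as `charset`.

```python
# Added example: the module's three matchers applied to captured HTTP responses.
from dataclasses import dataclass, field

PROBE_PATH = "/OA_HTML/bin/sqlnet.log"   # path requested by the module
BODY_WORDS = ("DESCRIPTION=", "USER=")   # both words must appear in the body


@dataclass
class Response:
    """Minimal captured response (hypothetical container for this example)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def media_type(headers):
    """Return the Content-Type media type, lower-cased, without parameters."""
    for name, value in headers.items():
        if name.lower() == "content-type":   # header names are case-insensitive
            return value.split(";", 1)[0].strip().lower()
    return ""


def evaluate(resp):
    """Return each matcher's result plus the overall verdict (all must hold)."""
    checks = {
        "status_200": resp.status == 200,
        "content_type_text_plain": media_type(resp.headers) == "text/plain",
        "body_words": all(word in resp.body for word in BODY_WORDS),
    }
    checks["vulnerable"] = all(checks.values())
    return checks


# Constructed samples: an exposed log, an error page served with 200, and a 404.
EXPOSED = Response(200, {"content-type": "text/plain; charset=UTF-8"},
    "Fatal NI connect error 12170.\n"
    "  (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db.example.internal)(PORT=1521))"
    "(CONNECT_DATA=(SID=EXAMPLE)(CID=(PROGRAM=example)(HOST=app01)(USER=exampleuser))))\n")
SOFT_404 = Response(200, {"Content-Type": "text/html"},
    "<html><body>Page not found. USER= DESCRIPTION=</body></html>")
NOT_FOUND = Response(404, {"Content-Type": "text/plain"}, "Not Found")

if __name__ == "__main__":
    for name, resp in (("exposed", EXPOSED), ("soft-404", SOFT_404), ("404", NOT_FOUND)):
        print(name, PROBE_PATH, evaluate(resp))
```

The soft-404 sample shows why the conditions are combined: a custom error page can return 200 and even contain both words, yet it fails the content-type matcher and is not reported.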
It is important to note that this module is designed to detect the vulnerability, not fix it. Once the vulnerability is detected, appropriate actions should be taken to secure the Oracle EBS system and prevent any potential exploitation.