Oracle eBusiness Suite - Improper File Access

By kannthu

Critical
Vidoc Module
#oracle #lfi
Description

What is the "Oracle eBusiness Suite - Improper File Access" module?

The "Oracle eBusiness Suite - Improper File Access" module is designed to detect vulnerabilities related to improper file access in Oracle eBusiness Suite. This module specifically targets the "bispgraph" component of the suite. It is important to note that Oracle eBusiness Suite is no longer supported with patches or security fixes, making it even more crucial to identify and address any vulnerabilities.

This module has a severity level of critical, indicating the potential impact of the vulnerability.

Original author(s): emenalf, tirtha_mandal, thomas_from_offensity

Impact

An improper file access vulnerability in Oracle eBusiness Suite can allow unauthorized users to gain access to sensitive files on the system. This can lead to the exposure of confidential information, unauthorized modifications, or even complete system compromise. It is essential to address this vulnerability promptly to prevent potential security breaches.

How does the module work?

The module works by sending HTTP requests to the targeted Oracle eBusiness Suite instance and analyzing the responses for specific patterns. In this case, the module sends GET requests to the following paths:

/OA_HTML/bispgraph.jsp%0D%0A.js?ifn=passwd&ifl=/etc/
/OA_HTML/jsp/bsc/bscpgraph.jsp?ifl=/etc/&ifn=passwd

The module then applies a matching condition to the response body using a regular expression. If the response body contains the pattern "root:.*:0:0:", the module considers the vulnerability to be present.

By detecting this vulnerability, the module helps identify potential security risks in Oracle eBusiness Suite installations and enables appropriate remediation measures to be taken.
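
The same two requests can be hunted for in web server access logs. The sketch below is an added example, not the Vidoc module's own code; it assumes Common Log Format, and the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# JSP names taken from the two probe paths listed on this page.
PROBED_JSPS = ("bispgraph.jsp", "bscpgraph.jsp")
# Assumed layout: Common Log Format (client IP first, quoted request, status).
LINE_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /OA_HTML/bispgraph.jsp%0D%0A.js?ifn=passwd&ifl=/etc/ HTTP/1.1" 200 1843
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /OA_HTML/jsp/bsc/bscpgraph.jsp?ifl=/etc/&ifn=passwd HTTP/1.1" 404 312
198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /OA_HTML/home.html HTTP/1.1" 200 5120
203.0.113.5 - - [01/Jan/2024:10:06:00 +0000] "GET /OA_HTML/bispgraph.jsp HTTP/1.1" 200 900
"""

def classify(line):
    """Return a finding for a request that resembles the module's probes, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = unquote(parts.path)  # decode %0D%0A so it can be inspected
    if not any(jsp in path.lower() for jsp in PROBED_JSPS):
        return None
    params = parse_qs(parts.query)
    ifl = params.get("ifl", [""])[0]
    ifn = params.get("ifn", [""])[0]
    reasons = []
    if "\r" in path or "\n" in path:
        reasons.append("encoded CR/LF in path")
    if ifl.startswith("/") or ".." in ifl or ".." in ifn:
        reasons.append(f"ifl/ifn select a filesystem path: {ifl}{ifn}")
    if not reasons:
        return None
    # A 200 means the JSP answered; the response body needs review for file contents.
    return {"src": m.group("src"), "status": int(m.group("status")),
            "served": m.group("status") == "200", "reasons": reasons}

def scan(log_text):
    """Classify every line and return the findings in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to true only shows that the JSP returned 200; confirming exposure still requires checking the response body, as the module does with its regular expression.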

Reference: https://www.blackhat.com/docs/us-16/materials/us-16-Li

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /OA_HTML/bispgraph.j... /OA_HTML/jsp/bsc/bsc...
Matching conditions
regex: root:.*:0:0:
Passive global matcher
No matching conditions.
On match action
Report vulnerability