Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Oracle Fatwire 6.3 - Path Traversal

By kannthu

High
Vidoc logoVidoc Module
#lfi#oracle#fatwire#edb
Description

What is "Oracle Fatwire 6.3 - Path Traversal?"

The "Oracle Fatwire 6.3 - Path Traversal" module is designed to detect a path traversal vulnerability in the Oracle Fatwire 6.3 software. This vulnerability allows an attacker to access files outside of the intended directory, potentially leading to unauthorized access to sensitive information. The severity of this vulnerability is classified as high.

This module was authored by Bernardo Rodrigues.

Impact

If successfully exploited, the path traversal vulnerability in Oracle Fatwire 6.3 can allow an attacker to view sensitive files on the server that are not intended to be accessible. This could include configuration files, user credentials, or other confidential information. The unauthorized access to such data can lead to further exploitation or compromise of the system.

How the module works?

The "Oracle Fatwire 6.3 - Path Traversal" module sends a specific HTTP request to the vulnerable endpoint, which is the "getSurvey.jsp" file. The request includes a path traversal payload that attempts to access files outside of the expected directory structure.

For example, the module may send a GET request to the following path:

/cs/career/getSurvey.jsp?fn=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd

The module then applies matching conditions to determine if the vulnerability is present. It checks the response body for the presence of the "root" user entry in the "/etc/passwd" file and verifies that the HTTP response status is 200 (OK).

If both conditions are met, the module reports the vulnerability.

Reference:

- https://www.exploit-db.com/expl

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/cs/career/getSurvey...
Matching conditions
regex: root:.*:0:0:and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability