header-logo
Suggest Exploit
vendor:
Oracle E-Business Suite
by:
Sarath Nair aka AceNeon13
8,2
CVSS
HIGH
Server Side Request Forgery
918
CWE
Product Name: Oracle E-Business Suite
Affected Version From: Oracle E-Business Suite 12.1.3
Affected Version To: Oracle E-Business Suite 12.2.6
Patch Exists: YES
Related CWE: CVE-2017-10246
CPE: oracle:e-business_suite
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2017

Oracle E-Business Suite – Server Side Request Forgery

The application is vulnerable to server side request forgery attacks. We were able to use the web server to send packets internally and thereby perform port scan on other internal assets and/or obtain information accessible only from inside or otherwise not accessible to an external user. It was also possible to query internal server information otherwise unavailable publicly.

Mitigation:

Apply the oracle EBS patch released on 18 July 2017
Source

Exploit-DB raw data:

# Exploit Title: Oracle E-Business Suite - Server Side Request Forgery
# Date: 19 July 2017
# Exploit Author: Sarath Nair aka AceNeon13
# Contact: @AceNeon13
# Greetings: Raj3sh.tv, Deepu.tv
# Vendor Homepage: www.oracle.com
# Software Link:
http://www.oracle.com/us/products/applications/ebusiness/overview/index.html
# Version: Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
# CVE: CVE-2017-10246

# PoC Exploit: Server Side Request Forgery
------------------------------------------
Vulnerable URL:
http://
<EBS_Application>/OA_HTML/help?locale=en_AE&group=per:br_prod_HR:US&topic=http://
<Internal_IP:Port>

# Description: The application is vulnerable to server side request forgery
attacks. We were able to use the web server to send packets internally and
thereby perform port scan on other internal assets and/or obtain
information accessible only from inside or otherwise not accessible to an
external user. It was also possible to query internal server information
otherwise unavailable publicly.
# Impact: A presumed attacker could use EBS server resources to conduct
internal information gathering or obtain information otherwise inaccessible
publicly.
# Solution: Apply the oracle EBS patch released on 18 July 2017

########################################
# Vulnerability Disclosure Timeline:

2017-April-29:  Discovered vulnerability
2017-April-30:  Vendor Notification
2017-May-01:  Vendor Response/Feedback
2017-July-18:  Vendor Fix/Patch
2017-July-19:  Public Disclosure
########################################

Navigation

Suggest Exploit

Services By CQR