Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2017-3528 | CWE-601 | $5,000 | Critical |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2018-01-16 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 0.02192 | 0.50148 |
# Exploit Title: Oracle E-Business suite Open Redirect # Google Dork: inurl:OA_HTML/cabo/ # Date: April 2017 # Exploit Author: [author] # Vendor Homepage: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html # Software Link: [download link if available] # Version: Oracle E-Business Suite (REQUIRED) # Tested on: [relevant os] # CVE : CVE-2017-3528 The exploit can be leveraged for an open redirect using the following exploit path: https://targetsite/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=/\example.com Oracle E-Business suite is vulnerable to an open redirect issue, specifically the redirect parameter allows any domain to be supplied and it will be rendered on the target's site. Note I was also credited for this CVE, see the Oracle CPU(http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html)
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.