How I Found Unauthorized Bypass RCE

How I Found Unauthorized Bypass RCE

Sep 21, 2022

Hello, My name is Taseer Hussain. I am a freelance security researcher by profession with almost 3 years of experience.

Easy Vulnerability Leads To admin Console, P1 type

So I even have commenced looking on one target to deliver me permission to Disclosed Name of the Program}

Let’s start

after looking at a few low hanging. And after a few Recon, I turned into looking on Technologies which turned into Web common sense Services and I observed CVE 2020–14882 turned into prone to the models of internet common sense

( Oracle ) Version

Let's start with the exploit,

For example, let's assume the site was hosted on this IP: and the port of web logic is 7001

As we all know we can bypass WAF sometimes with just “ / “

This was the payload:- %252e%252e%252f you Guyz can encode and check, So this payload was just bypassing Waf now I was not happy with bypassing WAF I was hunting for big impact so I found one more payload which Directed me to admin console access


The IP is just for example, Focus on payload which was this /console/images/%252e%252e%252fconsole.portal

So here is the screen Shot POC

Now Tip for Bug Hunters,

How you can Find this, Where you can Find This,

  1. Find on with some Dorking

  2. Websites that used Web logic Oracle

  3. Tip for beginners

  4. What if we don't have IP ? what if we don't see a port open of 7001? how we can exploit it? without this? ……. Don’t worry Guys you can do it

  5. So just change the URL like this:-

  6. But keep one thing in mind first you need to find the login page of the console so the endpoint of the website can be anything

  7. For reference Video Poc


Thanks All stay connected will post more new things

Read Other Blogs Here: Blogs

Enjoy this post?

Buy Taseer Hussain a book

More from Taseer Hussain