Hello, My name is Taseer Hussain. I am a freelance security researcher by profession with almost 3 years of experience.
Easy Vulnerability Leads To admin Console, P1 type
So I even have commenced looking on one target to deliver me permission to Disclosed Name of the Program}
Let’s start
after looking at a few low hanging. And after a few Recon, I turned into looking on Technologies which turned into Web common sense Services and I observed CVE 2020–14882 turned into prone to the 12.1.3.0.0 models of internet common sense
( Oracle ) Version 12.1.3.0.0
Let's start with the exploit,
For example, let's assume the site was hosted on this IP: 192.168.1.79 and the port of web logic is 7001
As we all know we can bypass WAF sometimes with just “ / “
This was the payload:- %252e%252e%252f you Guyz can encode and check, So this payload was just bypassing Waf now I was not happy with bypassing WAF I was hunting for big impact so I found one more payload which Directed me to admin console access
Payload:- https://192.168.1.79:7001/console/images/%252e%252e%252fconsole.portal
The IP is just for example, Focus on payload which was this /console/images/%252e%252e%252fconsole.portal
So here is the screen Shot POC
Now Tip for Bug Hunters,
How you can Find this, Where you can Find This,
Find on shodan.io with some Dorking
Websites that used Web logic Oracle
Tip for beginners
What if we don't have IP ? what if we don't see a port open of 7001? how we can exploit it? without this? ……. Don’t worry Guys you can do it
So just change the URL like this:- https://taget.com//console/images/%252e%252e%252fconsole.portal
But keep one thing in mind first you need to find the login page of the console so the endpoint of the website can be anything
For reference Video Poc
Thanks All stay connected will post more new things
Read Other Blogs Here: Blogs