CVE-2013-3770 exploit

[ratpunk2]

Using this useful extension I found CVE-2013-3770 (Oracle IDoc Injection) vulnerability but unfortunately can't find a way/exploit/payload to exploit it successfully. Can you please help? I have already tried 'exploitdb' and google but no luck.

[ilmila]

Hi the CVE-2013-3770 as far as I know is limited to a LFI vulnerability due to an undocumented IDOC functionality. In this way, it's possible to retrieve configuration files or other sensitive data.

As far as I know, J2EEScan is the only public available tool (open source and commercial) to test for this kind of issue
If the remote target is "Oracle Content Server" it's potentially possible to retrieve db configuration files and administrative passwords which are located in the folder "../../../../config/jdbc/xxxx-jdbc.xml"