Hello, My name is Taseer Hussain. I am a freelance security researcher by profession with almost 3 years of experience.

Easy Vulnerability Leads To admin Console, P1 type

So I even have commenced looking on one target to deliver me permission to Disclosed Name of the Program}

Let’s start

after looking at a few low hanging. And after a few Recon, I turned into looking on Technologies which turned into Web common sense Services and I observed CVE 2020–14882 turned into prone to the 12.1.3.0.0 models of internet common sense

( Oracle ) Version 12.1.3.0.0

Let's start with the exploit,

For example, let's assume the site was hosted on this IP: 192.168.1.79 and the port of web logic is 7001

As we all know we can bypass WAF sometimes with just “ / “

This was the payload:- %252e%252e%252f you Guyz can encode and check, So this payload was just bypassing Waf now I was not happy with bypassing WAF I was hunting for big impact so I found one more payload which Directed me to admin console access

Payload:- https://192.168.1.79:7001/console/images/%252e%252e%252fconsole.portal

The IP is just for example, Focus on payload which was this /console/images/%252e%252e%252fconsole.portal

So here is the screen Shot POC

Now Tip for Bug Hunters,

How you can Find this, Where you can Find This,

  1. Find on shodan.io with some Dorking

  2. Websites that used Web logic Oracle

  3. Tip for beginners

  4. What if we don't have IP ? what if we don't see a port open of 7001? how we can exploit it? without this? ……. Don’t worry Guys you can do it

  5. So just change the URL like this:- https://taget.com//console/images/%252e%252e%252fconsole.portal

  6. But keep one thing in mind first you need to find the login page of the console so the endpoint of the website can be anything

  7. For reference Video Poc

  8. https://youtu.be/O0ZnLXRY5Wo

Thanks All stay connected will post more new things

Read Other Blogs Here: Blogs