Oracle Transportation Management (OTM) vulnerabilities enable remote command execution and data exfiltration

Username and Password headers: secondary authentication mechanism
User name enumeration: nonexistent user
User name enumeration: existing user
Oracle OTM users and hashed passwords
Oracle OTM list databases
Oracle OTM DB file location
Branding feature when logged in as the DBA.ADMIN account
Branding feature missing when logged in as GUEST.ADMIN
Accessing the theme management servlets directly when logged in as GUEST.ADMIN
OTM server creates a theme folder named ‘2’ with the uploaded file
Directory traversal vulnerability in ‘theme_name’ parameter

Cyber Security researcher

Ofir Hamam
