How I Found an Unauthorized Bypass RCE
Easy Vulnerability Leads to Admin Console, P1 Type
So I started hunting on one target (the target didn't give me permission to disclose the name of the program).
Let's start.
After hunting for some low-hanging bugs and doing some recon, I was looking at the technologies in use, one of which was the WebLogic service, and I found CVE-2020-14882. WebLogic version 12.1.3.0.0 is vulnerable to it.
(Oracle) Version 12.1.3.0.0
Let's start with the exploit.
For example, let's assume the site was hosted on the IP 192.168.1.79 and the WebLogic port is 7001.
As we all know, we can sometimes bypass a WAF with just "/".
This was the payload: %252e%252e%252f (you guys can encode and check). This payload was just bypassing the WAF. I was not happy with only bypassing the WAF, I was hunting for a big impact, so I found one more payload, which directed me to admin console access.
Payload: https://192.168.1.79:7001/console/images/%252e%252e%252fconsole.portal
The IP is just an example. Focus on the payload, which was /console/images/%252e%252e%252fconsole.portal
So here is the screenshot PoC.
Now a tip for bug hunters:
How you can find this, and where you can find it:
- Search on shodan.io with some dorking
- Websites which use Oracle WebLogic
- Tip for beginners
- What if we don't have the IP? What if we don't see port 7001 open? How can we exploit it without these? Don't worry guys, you can do it
- So just change the URL like this: https://target.com//console/images/%252e%252e%252fconsole.portal
- But keep one thing in mind: first you need to find the login page of the console, because the endpoint on the website can be anything
- For reference, video PoC:
- https://youtu.be/O0ZnLXRY5Wo
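For defenders, one way to spot the request pattern above in web access logs, as an added example that is not part of the original post (the log lines are constructed samples and the function names are hypothetical). It goes a little beyond the single payload shown and flags any percent-encoded ../ under /console/, including upper-case and leading double-slash variants:

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic); statuses are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Nov/2020:10:00:01 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 3312
10.0.0.9 - - [01/Nov/2020:10:00:07 +0000] "GET /console/images/%252e%252e%252fconsole.portal HTTP/1.1" 302 0
10.0.0.9 - - [01/Nov/2020:10:00:09 +0000] "GET //console/images/%252E%252E%252Fconsole.portal HTTP/1.1" 200 9120
10.0.0.7 - - [01/Nov/2020:10:00:12 +0000] "GET /console/images/logo.png HTTP/1.1" 200 811
10.0.0.8 - - [01/Nov/2020:10:00:15 +0000] "GET /console/help/100%2525.html HTTP/1.1" 404 120
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly until the value stops changing."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def is_console_traversal(target):
    """True when a /console/ path hides '../' behind percent-encoding."""
    raw_path = target.split("?", 1)[0]  # not urlsplit: '//console' would parse as a host
    decoded, rounds = fully_decode(raw_path)
    normalized = re.sub(r"/{2,}", "/", decoded).lower()
    return (rounds >= 1 and normalized.startswith("/console/")
            and "../" in normalized)

def find_hits(log_text):
    """Return (client_ip, request_target, status) for each suspicious line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_console_traversal(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits

if __name__ == "__main__":
    for ip, target, status in find_hits(SAMPLE_LOG):
        print(f"ALERT {ip} {status} {target}")
```

Double encoding on its own is not flagged (the last sample line), only encoding that decodes to a traversal under /console/.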
Thanks all, stay connected. I will post more new things.
Instagram : @yash.ethics