Unauthenticated Arbitrary File Upload RCE in Oracle Web Applications Desktop Integrator
CVE-2022-21587 is a critical vulnerability in the Upload component of Oracle Web Applications Desktop Integrator (WebADI) in Oracle E-Business Suite, affecting supported versions 12.2.3 through 12.2.11. The issue is described by Oracle as an easily exploitable flaw reachable over HTTP by an unauthenticated attacker. Supporting technical reporting and exploit material indicate the root issue is an arbitrary file upload condition in WebADI upload functionality, including requests to OA_HTML service endpoints with the bne:uueupload=true parameter. Public exploit implementations show an attacker can submit a crafted multipart/form-data request containing uuencoded ZIP content and place a malicious JSP into a web-accessible Oracle Forms directory, then invoke that JSP to execute attacker-controlled code. This turns the file upload flaw into unauthenticated remote code execution on the Oracle E-Business Suite host, typically in the security context of the oracle user.
Exploits
4 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos.
This repository provides a working exploit for CVE-2022-21587, a critical unauthenticated remote code execution vulnerability in Oracle E-Business Suite (EBS) versions 12.2.3 through 12.2.11. The exploit leverages a file upload flaw in the Web Applications Desktop Integrator component, allowing attackers to upload and execute arbitrary code without authentication. The main exploit script (CVE-2022-21587.py) is a Python PoC that automates the attack: it generates a Perl CGI web shell, packages it into a zip file, uuencodes it, and uploads it to the vulnerable endpoint (/OA_HTML/BneUploaderService?bne:uueupload=true). Once uploaded, the script provides an interactive shell interface, sending commands to the web shell via HTTP requests to /OA_CGI/FNDWRR.exe. The exploit does not require credentials and works over the network, making it highly dangerous. The repository also includes a Nuclei YAML template (CVE-2022-21587.yaml) for automated detection and exploitation, and a comprehensive README.md with background, mitigation advice, and detection strategies. The exploit is operational, providing a real shell payload and interactive access, but is not part of a larger exploitation framework.
This repository contains two Python proof-of-concept exploits (EBS_N_Overwrite.py and exploit.py) targeting Oracle E-Business Suite (EBS) via CVE-2022-21587. Both scripts exploit the BneUploaderService endpoint to upload a web shell to the server. The first script (EBS_N_Overwrite.py) uploads a JSP shell to /forms/shell.jsp, while the second (exploit.py) uploads a Perl shell to /OA_CGI/FNDWRR.exe. Both shells allow remote command execution via HTTP requests. The exploits require the attacker to have 'slipit' and 'uuencode' installed locally to prepare the payloads. The README provides setup instructions and usage notes. The main attack vector is network-based, targeting an exposed HTTP endpoint on the Oracle EBS server. The repository is operational, providing working code to achieve remote code execution if the target is vulnerable.
This repository contains a Python exploit script (exploit.py) and a README.md with usage instructions. The exploit targets Oracle E-Business Suite instances vulnerable to CVE-2022-21587, an unauthenticated remote code execution flaw. The script generates a Perl web shell, packages it using 'slipit' and 'uuencode', and uploads it to the target via the '/OA_HTML/BneUploaderService?bne:uueupload=true' endpoint. If successful, the shell is accessible at '/OA_CGI/FNDWRR.exe', allowing the attacker to execute arbitrary commands by sending HTTP requests with a 'cmd' header. The exploit requires Python 3, the 'requests' and 'slipit' modules, and the 'uuencode' utility. The repository is operational, providing a working exploit and web shell payload, and is not part of a larger framework.
This repository is a plugin for the Woodpecker framework, targeting Oracle E-Business Suite CVE-2022-21587 (unauthenticated remote code execution). The structure includes Java source files implementing two main exploit modules: one for direct command execution via a malicious Perl script, and another for arbitrary file upload (such as a JSP webshell). The plugin generates a specially crafted ZIP file containing the payload, uploads it to a vulnerable endpoint, and then triggers execution via a secondary endpoint. The payload can be customized, and the plugin provides a payload generator for crafting evil ZIP files. The exploit is operational and can be used to gain remote code execution or deploy a webshell on vulnerable Oracle EBS instances. Key endpoints and file paths are hardcoded and fingerprintable, aiding in detection and targeting. The repository is well-structured for integration with the Woodpecker exploitation framework.
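Because the endpoints and paths described above are fixed, web access logs can be searched for them. The following is an added detection example, not code from this page or from any of the listed repositories: it flags POST requests to /OA_HTML/ endpoints carrying bne:uueupload=true, then flags later requests from the same client to the follow-up paths named above. The log format (common/combined), the function names and the sample records are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, unquote

# Common/combined log format: client, timestamp, method, target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Paths this page names as where the uploaded shell is then requested.
FOLLOWUP_RE = re.compile(r'^/(oa_cgi/fndwrr\.exe|forms/[^/]+\.jsp)$', re.I)

def is_uue_upload(method, target):
    """True for a POST to an /OA_HTML/ endpoint with bne:uueupload=true."""
    parts = urlsplit(target)
    query = unquote(parts.query).lower()  # also matches bne%3Auueupload=TRUE
    return (method == "POST" and parts.path.lower().startswith("/oa_html/")
            and "bne:uueupload=true" in query)

def scan(lines):
    """Flag upload attempts, then follow-up requests from the same client."""
    findings, uploaders = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log record
        client, ts, method, target, status = m.groups()
        path = unquote(urlsplit(target).path)
        if is_uue_upload(method, target):
            uploaders.add(client)
            findings.append(("upload_attempt", client, ts, path, int(status)))
        elif client in uploaders and FOLLOWUP_RE.match(path):
            findings.append(("post_upload_access", client, ts, path, int(status)))
    return findings

# Constructed sample records (documentation addresses, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [12/Jan/2023:10:01:02 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Jan/2023:10:02:10 +0000] "POST /OA_HTML/BneUploaderService?bne%3Auueupload=TRUE HTTP/1.1" 200 312',
    '198.51.100.7 - - [12/Jan/2023:10:02:30 +0000] "GET /OA_CGI/FNDWRR.exe?temp_id=1 HTTP/1.1" 200 900',
    '203.0.113.9 - - [12/Jan/2023:10:02:41 +0000] "GET /OA_CGI/FNDWRR.exe HTTP/1.1" 200 64',
    '203.0.113.9 - - [12/Jan/2023:10:03:05 +0000] "GET /forms/example.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The correlation only holds if the access log records query strings and the real client address rather than a proxy's. Requests to /OA_CGI/FNDWRR.exe from clients with no preceding upload attempt are deliberately not flagged.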
Recent activity
9 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
An unauthenticated remote code execution vulnerability in Oracle E-Business Suite.
A high-severity vulnerability in Oracle Web Applications listed as exploited by FishMonger (aka Earth Lusca).
Vulnerability referenced in false-positive fix notes; details not provided in the content.
An unauthenticated arbitrary file upload vulnerability in Oracle EBS (CVE-2022-21587) allows attackers to gain remote code execution as the oracle user.