Leading the Blind to Light! - A Chain to RCE

by Andy Gill
Nov. 24, 2017 0 comments blog.zsec.uk Pen Testing & Audits

The chain of issues started with an outdated instance of Oracle E-Business Suite which has many publicly disclosed issues, two of which were an authentication bypass & a blind XXE vulnerablity. For anyone who's ever come across Oracle EBS you'll know if it's outdated often it'll be riddled with holes, which is great from a bug bounty & pentesting perspective but not so great for companies who are using it.