
Published on December 13th, 2016

How To Bypass .htaccess Controls in Oracle Reports For CVE-2012-3152 And CVE-2012-3153

Security researcher Dana Taylor discovered CVE-2012-3152/3153 back in 2011/2012.

Some system administrators created .htaccess entries that block /reports/rwservlet/<command>. However, by removing the “/” between rwservlet and the command, you can bypass the .htaccess control and access the application.


This means vulnerability scanners will need to be updated, pentesters will need to be made aware of it, and IDS/IPS companies will need to create new rules to detect this bypass.
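For the detection side, the following is an added example (not code from the original post or from any vendor) that scans Apache-style access-log lines and flags every request under /reports/rwservlet, marking those that a rule anchored on the trailing "/" would have missed. The command name `somecmd` and the log lines are constructed placeholders, and the access-log layout is an assumption.

```python
import re
from urllib.parse import unquote

# Request line inside an Apache common/combined access-log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

SERVLET_PREFIX = "/reports/rwservlet"   # path named in the article
BLOCKED_PREFIX = SERVLET_PREFIX + "/"   # what the slash-anchored .htaccess rule matched

# Constructed sample lines; "somecmd" is a placeholder, not a real command name.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Dec/2016:10:00:00 +0000] "GET /reports/rwservlet/somecmd HTTP/1.1" 403 199',
    '192.0.2.10 - - [13/Dec/2016:10:00:05 +0000] "GET /reports/rwservletsomecmd HTTP/1.1" 200 5120',
    '192.0.2.12 - - [13/Dec/2016:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def normalize_path(target):
    """Drop the query string, decode percent-escapes, collapse '//', lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()


def classify(log_line):
    """Return 'covered', 'evades-slash-rule', or None for one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None  # not a parseable request line
    path = normalize_path(match.group("target"))
    if not path.startswith(SERVLET_PREFIX):
        return None  # unrelated request
    if path.startswith(BLOCKED_PREFIX):
        return "covered"  # the existing slash-anchored rule already matches
    # Under the servlet prefix but without the "/": the old rule never fired.
    return "evades-slash-rule"


def scan(lines):
    """Return (line_number, verdict) for every line that touches the servlet."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict is not None:
            hits.append((number, verdict))
    return hits


if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```

The same prefix-based match, rather than one anchored on "/reports/rwservlet/", is what an access-control rule or IDS signature needs in order to cover both request forms.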
