
Published on December 13th, 2016


How To Bypass .htaccess Controls in Oracle Reports For CVE-2012-3152 And CVE-2012-3153

Security researcher Dana Taylor discovered CVE-2012-3152/3153 back in 2011/2012.

Some system administrators created .htaccess entries that would block /reports/rwservlet/<command>. However, by removing the “/” from between rwservlet and the command, you can bypass the .htaccess control and access the application.


This means vulnerability scanners will need to be updated, pentesters will need to be made aware of it, and IDS/IPS companies will need to create new rules to detect this bypass.
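One way to flag this request form in web server access logs, as an added example that is not from the original post or from any vendor rule set. The block-rule pattern, the `examplecmd` name and the log lines are constructed assumptions; the only behaviour taken from the post is that the command can follow `rwservlet` with or without the "/".

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed shape of the slash-based block rule described in the post (hypothetical pattern).
ADMIN_RULE = re.compile(r"^/reports/rwservlet/")
PREFIX = "/reports/rwservlet"

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP range, placeholder command name).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Dec/2016:10:00:01 +0000] "GET /reports/rwservlet/examplecmd HTTP/1.1" 403 199',
    '192.0.2.10 - - [13/Dec/2016:10:00:05 +0000] "GET /reports/rwservletexamplecmd HTTP/1.1" 200 5120',
    '192.0.2.22 - - [13/Dec/2016:10:01:00 +0000] "GET /reports/rwservlet?example=1 HTTP/1.1" 200 900',
    '192.0.2.30 - - [13/Dec/2016:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def classify(target):
    """Return 'slash_form', 'no_slash_form', or None for a request target."""
    # Percent-decode the path so an encoded character cannot hide the prefix.
    path = unquote(urlsplit(target).path)
    if not path.startswith(PREFIX):
        return None
    if path == PREFIX:
        return None  # bare servlet path: no command appended to the path
    if ADMIN_RULE.match(path):
        return "slash_form"  # the form the slash-based rule was written for
    return "no_slash_form"   # command follows rwservlet directly: the rule never sees it

def scan(lines):
    """Return (line_number, target, kind) for every rwservlet command request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        kind = classify(match.group("target"))
        if kind:
            findings.append((number, match.group("target"), kind))
    return findings

if __name__ == "__main__":
    for number, target, kind in scan(SAMPLE_LOG):
        print(f"line {number}: {kind}: {target}")
```

An access-control rule or IDS signature built on the bare `/reports/rwservlet` prefix, rather than on the prefix plus "/", covers both forms.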
