
Published on December 13th, 2016

How To Bypass .htaccess Controls in Oracle Reports For CVE-2012-3152 And CVE-2012-3153

Security researcher Dana Taylor discovered CVE-2012-3152/3153 back in 2011/2012.

Some system administrators created .htaccess entries that would block /reports/rwservlet/<command>. However, by removing the "/" from between rwservlet and the command, you can bypass the .htaccess control and access the application.


This means vulnerability scanners will need to be updated, pentesters will need to be made aware of it, and IDS/IPS companies will need to create new rules to detect this bypass.
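For defenders reviewing web server logs, the following added example (not from the original post or from Oracle) contrasts a rule that only matches the slash form with one that matches any path starting with /reports/rwservlet. The exact form of the administrators' .htaccess rule, the log lines and the command name "somecommand" are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Rule modelled on the .htaccess entries described above (assumed form):
# it matches only when a "/" separates rwservlet from the command.
SLASH_ONLY = re.compile(r"^/reports/rwservlet/", re.IGNORECASE)
# Broader rule: any path that starts with /reports/rwservlet.
ANY_RWSERVLET = re.compile(r"^/reports/rwservlet", re.IGNORECASE)
# Request line inside a Common/Combined Log Format entry.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; "somecommand" is a placeholder, not a real command.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Dec/2016:10:00:00 +0000] "GET /reports/rwservlet/somecommand HTTP/1.1" 403 199',
    '192.0.2.10 - - [13/Dec/2016:10:00:05 +0000] "GET /reports/rwservletsomecommand HTTP/1.1" 200 5120',
    '192.0.2.10 - - [13/Dec/2016:10:00:09 +0000] "GET /reports/rwservletsomecommand?x=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Dec/2016:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def normalize(target):
    """Drop the query string, percent-decode, and collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)


def classify(log_line):
    """Return 'covered', 'missed' or 'other' for one access-log line."""
    match = REQUEST.search(log_line)
    if not match:
        return "other"
    path = normalize(match.group(1))
    if SLASH_ONLY.search(path):
        return "covered"  # the slash-only rule sees this request
    if ANY_RWSERVLET.search(path):
        return "missed"   # reaches rwservlet but the slash-only rule does not match
    return "other"


def missed_requests(lines):
    """Return the log lines that only the broader rule flags."""
    return [line for line in lines if classify(line) == "missed"]


if __name__ == "__main__":
    for line in missed_requests(SAMPLE_LOG):
        print("ALERT rwservlet request outside slash-only rule:", line)
```

Any line reported as missed is a request that a slash-only access rule would have let through, so the same prefix match is the one to use when tightening the access control itself.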
