Published on December 13th, 2016

How To Bypass .htaccess Controls in Oracle Reports For CVE-2012-3152 And CVE-2012-3153

Security researcher Dana Taylor discovered CVE-2012-3152/3153 back in 2011/2012.

Some system administrators created .htaccess entries that would block /reports/rwservlet/<command>. However, by removing the “/” from between rwservlet and the command, you can bypass the .htaccess control and access the application.


This means vulnerability scanners will need to be updated, pentesters will need to be made aware of it, and IDS/IPS companies will need to create new rules to detect this bypass.
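One way to express such a detection rule over web server access logs, as an added example that is not code from the original post or from the researcher's work. The log lines are constructed, `COMMAND` is a placeholder for the rwservlet command name, and folding the path to lower case is an assumption made to err toward flagging.

```python
import re
from urllib.parse import unquote

# Request line inside an Apache common/combined log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SERVLET_PREFIX = "/reports/rwservlet"

def classify(target):
    """Return None, 'servlet', 'slash-form' or 'no-slash-form'."""
    path = unquote(target.split("?", 1)[0])      # drop query string, decode once
    path = re.sub(r"/{2,}", "/", path).lower()   # assumption: fold case, collapse //
    if not path.startswith(SERVLET_PREFIX):
        return None
    rest = path[len(SERVLET_PREFIX):]
    if rest == "":
        return "servlet"          # bare servlet, parameters in the query string
    if rest.startswith("/"):
        return "slash-form"       # what a rule on /reports/rwservlet/<command> matches
    return "no-slash-form"        # the form such a rule does not match

def scan(log_lines):
    """Return (verdict, request target) for every rwservlet request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m:
            verdict = classify(m.group(1))
            if verdict:
                hits.append((verdict, m.group(1)))
    return hits

# Constructed sample entries; COMMAND is a placeholder and the
# client addresses come from the documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Dec/2016:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [13/Dec/2016:10:00:02 +0000] "GET /reports/rwservlet/COMMAND HTTP/1.1" 403 199',
    '198.51.100.7 - - [13/Dec/2016:10:00:03 +0000] "GET /reports/rwservletCOMMAND HTTP/1.1" 200 4096',
    '198.51.100.7 - - [13/Dec/2016:10:00:04 +0000] "GET /reports/rwservlet?x=1 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [13/Dec/2016:10:00:05 +0000] "GET /reports/index.html HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for verdict, target in scan(SAMPLE_LOG):
        print(f"{verdict:14} {target}")
```

Anchoring the rule on the `/reports/rwservlet` prefix rather than on the slash-delimited path is what lets it see the `no-slash-form` entry, which a 200 response next to a 403 for the slash form makes worth alerting on.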
