CVE-2018-2894, Orcle file upload vulnerability by attackers against consumers and against our honeynet since July 19, 2018. CVE-2018-2894 consists of 2 arbitrary file upload vulnerabilities, one targeting config.do and one targeting begin.do.
- GET request to retrieve application settings at /ws_utc/resources/setting/options/general
- POST request to change the application working directory to one that is accessible over HTTP. Request sent to path : /ws_utc/resources/setting/options.
- POST request to upload the arbitrary file to the said working directory. Request sent to path : /ws_utc/css/config/keystore/.
- This vulnerability can be exploited remote and unauthenticated
- POST request to /ws_utc/resources/ws/config/import. Path traversal vulnerability in the multipart form name which allows attackers to upload a file to anywhere in the filesystem.
- In our testing of each version, authentication was required to access and exploit this vector.
Proof of concept