CVE-2018-2894 is an Oracle WebLogic Server file upload vulnerability that we have seen exploited by attackers against consumers and against our honeynet since July 19, 2018. CVE-2018-2894 consists of two arbitrary file upload vulnerabilities in the WebLogic Web Service Test Client (ws_utc), one reachable through config.do and one through begin.do. Oracle addressed it in the July 2018 Critical Patch Update; the test client is enabled by default only when WebLogic runs in development mode, so a production-mode server that has not explicitly enabled it is not exposed.

/ws_utc/config.do Execution 

  • GET request to retrieve the application settings from /ws_utc/resources/setting/options/general. The response includes the current working directory (WorkDir).
  • POST request to /ws_utc/resources/setting/options to change the working directory to one that is served over HTTP.
  • POST multipart request uploading the arbitrary file (as a "keystore", via /ws_utc/resources/setting/keystore) into the said working directory. The file is then reachable over HTTP under /ws_utc/css/config/keystore/, and a JSP placed there executes when requested.
  • This vector can be exploited remotely and without authentication.

/ws_utc/begin.do Execution 

  • POST multipart request to /ws_utc/resources/ws/config/import. A path traversal in the multipart form field name lets an attacker write the file anywhere on the filesystem that the server process can write to.
  • In our testing of each version, authentication was required to reach and exploit this vector.
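Detection logic for both vectors above, as an added example that is not part of the original post. It parses WebLogic access-log lines in common log format, maps each request to a stage of the config.do sequence (settings read, WorkDir change, keystore upload, fetch of the uploaded file) or to the begin.do import endpoint, and ranks each client by the worst stage observed. The sample log lines are constructed for this example; the upload endpoint /ws_utc/resources/setting/keystore, the served-file name pattern, and the severity thresholds are assumptions of the example, not something the post itself states.

```python
import re
from collections import defaultdict

# Constructed sample lines in WebLogic access.log (common log) format.
# They are made up for this example and are not from any real incident.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jul/2018:10:01:02 +0000] "GET /ws_utc/resources/setting/options/general HTTP/1.1" 200 2431
203.0.113.7 - - [19/Jul/2018:10:01:03 +0000] "POST /ws_utc/resources/setting/options HTTP/1.1" 200 0
203.0.113.7 - - [19/Jul/2018:10:01:04 +0000] "POST /ws_utc/resources/setting/keystore HTTP/1.1" 200 188
203.0.113.7 - - [19/Jul/2018:10:01:05 +0000] "GET /ws_utc/css/config/keystore/1532000465000_cmd.jsp?cmd=id HTTP/1.1" 200 57
198.51.100.9 - - [19/Jul/2018:10:05:00 +0000] "GET /ws_utc/config.do HTTP/1.1" 200 10231
198.51.100.9 - - [19/Jul/2018:10:05:01 +0000] "GET /ws_utc/resources/setting/options/general HTTP/1.1" 200 2431
192.0.2.33 - - [19/Jul/2018:10:07:00 +0000] "POST /ws_utc/resources/ws/config/import HTTP/1.1" 200 0
192.0.2.33 - - [19/Jul/2018:10:07:01 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 4213
10.0.0.5 - - [19/Jul/2018:10:09:00 +0000] "GET /index.html HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Stages in the order the post describes the config.do vector, followed by the
# request for the uploaded file and the begin.do import endpoint. The keystore
# upload endpoint is assumed from public write-ups, not stated in the post.
# A prefix ending in "/" is matched as a directory, anything else exactly.
STAGES = [
    ("GET", "/ws_utc/resources/setting/options/general", "config.do: settings read (leaks WorkDir)"),
    ("POST", "/ws_utc/resources/setting/options", "config.do: WorkDir changed"),
    ("POST", "/ws_utc/resources/setting/keystore", "config.do: keystore upload (assumed endpoint)"),
    ("GET", "/ws_utc/css/config/keystore/", "config.do: uploaded file requested (possible webshell)"),
    ("POST", "/ws_utc/resources/ws/config/import", "begin.do: config import (path traversal)"),
]


def parse_line(line):
    """Return (ip, ts, method, path_without_query, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]
    return m.group("ip"), m.group("ts"), m.group("method"), path, int(m.group("status"))


def classify(method, path):
    """Map one request to a STAGES index, or None if it is not part of the ws_utc pattern."""
    for idx, (stage_method, prefix, _desc) in enumerate(STAGES):
        if method != stage_method:
            continue
        if prefix.endswith("/"):
            if path.startswith(prefix):
                return idx
        elif path == prefix:
            return idx
    return None


def severity(hits):
    """hits: list of (stage_idx, status). Rank a client by the worst thing observed."""
    if any(idx == 3 and 200 <= status < 300 for idx, status in hits):
        return "critical"  # a file under the attacker-controlled WorkDir was served successfully
    if any(idx in (2, 4) for idx, _ in hits):
        return "high"      # an upload or config import was attempted
    return "medium"        # settings read or WorkDir changed: reconnaissance or staging


def analyze(log_text):
    """Group ws_utc requests per client; return {ip: {"stages", "severity", "first_seen"}}."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        idx = classify(method, path)
        if idx is not None:
            per_ip[ip].append((idx, status, ts))
    report = {}
    for ip, hits in per_ip.items():
        report[ip] = {
            "stages": [STAGES[i][2] for i, _s, _t in hits],
            "severity": severity([(i, s) for i, s, _t in hits]),
            "first_seen": hits[0][2],
        }
    return report


if __name__ == "__main__":
    for ip, info in sorted(analyze(SAMPLE_LOG).items(), key=lambda kv: kv[1]["severity"]):
        print(f"{ip:15} {info['severity']:8} first seen {info['first_seen']}")
        for stage in info["stages"]:
            print(f"    - {stage}")
```

A successful GET under /ws_utc/css/config/keystore/ is strong evidence that the upload worked, but not proof that the file executed as a JSP; confirm on the host by checking the WorkDir contents and the WebLogic process for child shells before treating it as a compromise.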

Proof of concept

73 COMMENTS

  1. It is recommended that you use the play just for fun feature to be able to practice
    and see the symbols and rules with the particular online slot machine game in which you’re
    partaking. If you haven’t played it online ever and you need to develop alcohol playing
    online roulette without putting your cash
    vulnerable, you merely might want to use online with free streaming
    roulette. Additionally, it provides various bonus provides and
    keeps on updating their games.

  2. I’m really enjoying the design and layout of your website.
    It’s very easy on the eyes, which makes it much more pleasant for me to come here and visit more often. Did you hire out a designer to create your theme?
    Superb work!

  3. You actually make it seem so easy together with your presentation but I in finding this matter to be
    really something that I believe I would by no means understand.
    It seems too complex and extremely large for me. I’m having a look
    forward for your subsequent post, I’ll try to get the
    hold of it!

  4. I have been browsing online greater than 3 hours today, yet I by no means discovered any attention-grabbing
    article like yours. It’s lovely worth enough for me. In my
    view, if all web owners and bloggers made just right content
    as you probably did, the net can be a lot more helpful than ever before.

  5. Hmm is anyone else having problems with the pictures on this blog loading?

    I’m trying to find out if its a problem on my end or if it’s the blog.
    Any responses would be greatly appreciated.

  6. What you said made a ton of sense. But, what about this?

    what if you added a little information? I mean, I don’t want to
    tell you how to run your website, however
    what if you added a post title to maybe get a person’s
    attention? I mean Oracle WebLogic JSP File Upload Vulnerability CVE-2018-2894 ~ Easy Hack is a
    little vanilla. You might peek at Yahoo’s front page and see how they write article headlines to get viewers interested.
    You might add a video or a picture or two to get readers excited about what you’ve written.
    Just my opinion, it would bring your posts a little livelier.

  7. I just couldn’t leave your website prior to suggesting that I actually loved the standard
    info an individual supply for your guests? Is going to be back frequently in order to investigate cross-check new posts

  8. Hey! I’m at work browsing your blog from my new iphone 4!
    Just wanted to say I love reading your blog and look forward to all your
    posts! Keep up the fantastic work!

  9. Normally I don’t learn article on blogs, however I would like to say that this write-up very pressured me to check out and
    do so! Your writing taste has been surprised me. Thanks, quite great article.

  10. Howdy! This post couldn’t be written any better! Reading through this post reminds me of my previous
    room mate! He always kept talking about this.
    I will forward this page to him. Pretty sure he will
    have a good read. Thank you for sharing!

  11. This is very attention-grabbing, You’re an excessively skilled blogger.
    I’ve joined your rss feed and stay up for in the hunt for more of your fantastic post.
    Additionally, I’ve shared your website in my social networks

  12. Attractive section of content. I just stumbled upon your blog and in accession capital to assert that I get in fact loved account your weblog posts.
    Any way I will be subscribing on your augment or even I success you get right
    of entry to constantly fast.

  13. Right here is the right blog for anybody who would like to understand this topic.
    You understand so much its almost hard to argue with you (not
    that I actually will need to…HaHa). You definitely put
    a new spin on a subject which has been discussed for decades.
    Excellent stuff, just wonderful!

  14. My brother suggested I might like this website. He was entirely right.
    This post truly made my day. You can not imagine simply how much time I
    had spent for this info! Thanks!

  15. Hello! This post couldn’t be written any better! Reading this post reminds me of
    my previous room mate! He always kept talking about this.
    I will forward this page to him. Fairly certain he will have
    a good read. Many thanks for sharing!

  16. Hey! Do you know if they make any plugins to assist
    with Search Engine Optimization? I’m trying to get my blog to rank for some targeted keywords but I’m not
    seeing very good gains. If you know of any please share.
    Many thanks!

  17. Hey! I just wanted to ask if you ever have any issues
    with hackers? My last blog (wordpress) was hacked
    and I ended up losing many months of hard work due to no
    back up. Do you have any solutions to prevent hackers?

  18. Heya just wanted to give you a quick heads up and let you know a
    few of the pictures aren’t loading properly. I’m not sure
    why but I think its a linking issue. I’ve tried it in two different
    internet browsers and both show the same results.

  19. Great post. I was checking constantly this blog and
    I am impressed! Extremely helpful info particularly the last part :
    ) I care for such info a lot. I was seeking this particular info for a very long time.
    Thank you and best of luck.

  20. Hello There. I found your weblog the usage of msn. This is a very smartly written article.
    I will be sure to bookmark it and come back to learn extra of your useful
    info. Thank you for the post. I will certainly comeback.

  21. Hey there! Quick question that’s completely off topic.

    Do you know how to make your site mobile friendly? My website looks weird when viewing from my
    iphone 4. I’m trying to find a theme or plugin that might be able to resolve this
    problem. If you have any suggestions, please share.

    Appreciate it!

  22. You could definitely see your skills in the work you
    write. The arena hopes for more passionate writers like you who aren’t afraid to say how they believe.
    Always follow your heart.
