.. / CVE-2019-2767

Exploit for Oracle Business Intelligence Publisher - XML External Entity Injection (CVE-2019-2767)

Description:

Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher.

Nuclei Template

View the template here CVE-2019-2767.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-2767.yaml

References:

http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.exploit-db.com/exploits/46729
https://github.com/ARPSyndicate/kenzer-templates
https://nvd.nist.gov/vuln/detail/CVE-2019-2767
https://github.com/vah13/Oracle-BI-bugs

.. / CVE-2019-2767 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Oracle Business Intelligence Publisher - XML External Entity Injection (CVE-2019-2767)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-2767