Unauthorized Bypass RCE

How I Found Unauthorized Bypass RCE

Easy Vulnerability Leads to Admin Console, P1 Type

So I started looking at one target {permission to disclose the name of the program}.

Let’s start

After looking at a few low-hanging fruit, and after some recon, I was looking at the technologies, which was WebLogic services, and I observed that version 12.1.3.0.0 of WebLogic was vulnerable to CVE-2020-14882.

(Oracle) Version 12.1.3.0.0

Let's start with the exploit.

For example, let's assume the site was hosted on this IP: 192.168.1.79, and the WebLogic port is 7001.

As we all know, we can sometimes bypass a WAF with just “/”.

This was the payload: %252e%252e%252f (you guys can encode and check). This payload was just bypassing the WAF. I was not happy with only bypassing the WAF; I was hunting for a big impact, so I found one more payload, which directed me to admin console access.

Payload:- https://192.168.1.79:7001/console/images/%252e%252e%252fconsole.portal

The IP is just an example. Focus on the payload, which was this: /console/images/%252e%252e%252fconsole.portal

So here is the screenshot PoC.

Now, a tip for bug hunters:

How can you find this, and where can you find this?

  1. Find on shodan.io with some dorking
  2. Websites which use Oracle WebLogic
  3. Tip for beginners
  4. What if we don't have the IP? What if we don't see port 7001 open? How can we exploit without this? Don't worry, guys, you can do it
  5. So just change the URL like this: https://taget.com//console/images/%252e%252e%252fconsole.portal
  6. But keep one thing in mind: first you need to find the login page of the console, so the endpoint of the website can be anything
  7. For reference, video PoC:
  8. https://youtu.be/O0ZnLXRY5Wo
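
From the defender's side, both request forms shown above (the /console/images/ payload and the double-slash variant) can be hunted for in WebLogic or reverse-proxy access logs. The following is an added example, not part of the original post: it percent-decodes each request path repeatedly, so it goes beyond the double-encoded case and also catches single-encoded variants, and it flags /console/ requests whose encoded ../ resolves to console.portal. The log lines, client IPs and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

MAX_ROUNDS = 3  # assumption: deeper nesting than this is not expected
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2021:10:00:00 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 3412',
    '203.0.113.9 - - [01/Jan/2021:10:00:07 +0000] "GET /console/images/%252e%252e%252fconsole.portal HTTP/1.1" 200 9120',
    '203.0.113.9 - - [01/Jan/2021:10:00:09 +0000] "GET //console/images/%252E%252E%252Fconsole.portal HTTP/1.1" 200 9120',
    '198.51.100.2 - - [01/Jan/2021:10:01:00 +0000] "GET /console/images/logo.png HTTP/1.1" 200 512',
]


def decode_fully(path):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def is_console_traversal(target):
    """True if an encoded '../' under /console/ resolves to console.portal."""
    raw_path = target.split("?", 1)[0]  # drop the query string
    decoded, rounds = decode_fully(raw_path)
    if rounds == 0 or "../" not in decoded:
        return False
    # Collapse duplicate slashes, then resolve the dot segments.
    resolved = posixpath.normpath(re.sub(r"/{2,}", "/", decoded))
    return "/console/" in raw_path.lower() and resolved.lower().endswith("/console.portal")


def scan(lines):
    """Return (client_ip, request_target) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and is_console_traversal(match.group(1)):
            hits.append((line.split()[0], match.group(1)))
    return hits


if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"ALERT {ip} {target}")
```

A hit with a 200 response on a console that should not be reachable from that client is the case to triage first.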

Thanks, all. Stay connected; I will post more new things.
