Abu Bakar – WindowsTechs.com

Post Exploitation in Oracle web logic server 10.35 (Oracle Linux Server 3.8)

Posted on July 24, 2023 by Abu Bakar

Web Server : Oracle WebLogic 10.35
Machine : Oracle Linux Server 3.8
I was able to partially exploit this CVE. I can execute any command on server using HTTP request and redirecting its output to a file i.e
cat /etc/passwd > /tmp/succes… Continue reading Post Exploitation in Oracle web logic server 10.35 (Oracle Linux Server 3.8)→

LFI to RCE in java EE Application

Posted on July 22, 2023 by Abu Bakar

I found vulnerable end-points in my university’s old portal. It should not be accessible but I found it somehow.
-> First end-point allows me to upload any kind of file on following path : /home/oracle/Oracle/uploads/candidate/
-> … Continue reading LFI to RCE in java EE Application→

Uploading webshell in ASP.net application using directory-traversal and file-upload vulnerability

Posted on April 29, 2023 by Abu Bakar

On my target site, I found two vulnerabilities, unrestricted file upload(to any directory) and directory traversal. I have two end points :
1- site.com/fileUp : uploads file
{
—-Request Parameters—
file_data=<file>
file_name=123…. Continue reading Uploading webshell in ASP.net application using directory-traversal and file-upload vulnerability→