CVE-2010-0904
published 2010-07-13CVE-2010-0904: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.
PriorityP347medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
51.56%
98.8th percentile
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | secure_backup | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect authentication bypass attempt: POST to /login.php with body containing 'attempt=1&uname=-' (dash/empty username) indicating exploitation of the auth bypass in Oracle Secure Backup. ↗
- →Detect command injection attempt: GET request to /property_box.php with query parameters 'type=Job' and 'jlist=0%26' (URL-encoded ampersand) indicating OS command injection via the jlist parameter. ↗
- →Correlate a POST to /login.php with uname=- immediately followed by a GET to /property_box.php using the PHPSESSID cookie obtained from the login response — this two-step sequence is the full exploit chain. ↗
- →The exploit drops and executes a randomly named .exe payload in the current directory; monitor for creation of short random-name executables (4–8 alphanumeric chars + .exe) on Oracle Secure Backup Windows hosts. ↗
- →The underlying vulnerable code passes the unsanitized jlist parameter directly to exec_qr with rbtool lsjob; alert on process executions of rbtool spawned with unexpected arguments containing shell metacharacters. ↗
- ·The exploit targets Oracle Secure Backup version 10.3.0.1.0 on Windows (Win32) only; the Metasploit module defines a single 'Windows Universal' target and raises an error for other platforms. ↗
- ·SSL is enabled by default in the exploit module (port 443/HTTPS); network detection rules must inspect TLS-decrypted traffic to catch the attack. ↗
- ·CVE-2010-0904 covers the authentication bypass in login.php; the jlist command injection vector in property_box.php is a separate, chained issue noted as potentially undisclosed at time of module authorship. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3vg7-45rw-hpgj: Unspecified vulnerability in Oracle Secure Backup 10
ghsa_unreviewed·2022-05-02·CVSS 10.0
CVE-2010-0907 [CRITICAL] GHSA-3vg7-45rw-hpgj: Unspecified vulnerability in Oracle Secure Backup 10
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, and CVE-2010-0906.
GHSA
GHSA-xc8c-w9hw-359j: Unspecified vulnerability in Oracle Secure Backup 10
ghsa_unreviewed·2022-05-02
CVE-2010-0904 [MEDIUM] GHSA-xc8c-w9hw-359j: Unspecified vulnerability in Oracle Secure Backup 10
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.
No detection rules found.
Exploit-DB
Oracle Secure Backup - Authentication Bypass/Command Injection (Metasploit)
exploitdb·2011-08-19
CVE-2010-0904 Oracle Secure Backup - Authentication Bypass/Command Injection (Metasploit)
Oracle Secure Backup - Authentication Bypass/Command Injection (Metasploit)
---
##
# $Id: osb_uname_jlist.rb 13591 2011-08-19 18:35:29Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability',
'Description' => %q{
This module exploits an authentication bypass vulnerability
in login.php. In conjuction with the authentication bypass issue,
the 'jlist' parameter in property_box.php can be used to execute
arbitrary system commands.
This module was tested against Oracle Sec
Metasploit
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
metasploit
CVE-2010-0904 Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
This module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32).
Metasploit
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
metasploit
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
This module exploits an authentication bypass vulnerability in login.php. In conjunction with the authentication bypass issue, the 'jlist' parameter in property_box.php can be used to execute arbitrary system commands. This module was tested against Oracle Secure Backup version 10.3.0.1.0
No writeups or analysis indexed.
http://securityreason.com/securityalert/8354http://securityreason.com/securityalert/8356http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlhttp://securityreason.com/securityalert/8354http://securityreason.com/securityalert/8356http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
2010-07-13
Published