CVE-2018-2636 PoC — Oracle Hospitality Applications Oracle Hospitality Simphony组件安全漏洞

Source

https://github.com/erpscanteam/CVE-2018-2636

Associated Vulnerability

Title:Oracle Hospitality Applications Oracle Hospitality Simphony组件安全漏洞 (CVE-2018-2636)
Description:Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Description

ERPScan Public POC for CVE-2018-2636

Readme

# Install
```
$ pip install --user requests argparse unicodedata
```


# Info
POC for CVE-2018-2636.


# Usage example
```
python eGw.py -H 127.0.0.1 -P 8080 -i 
...
[*] Let's get info about server
[!] Your instance is vulnerable to CVE-2018-2636
...
```
# Links
[Oracle Critical Patch Update Advisory January 2018 - CVE-2018-2636](http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html)

[Oracle Micros POS breached again](https://erpscan.com/press-center/blog/oracle-micros-pos-breached/)

File Snapshot


 [4.0K]  /data/pocs/c08c82bd3a2d9651ef9c9aaa6a997ff4287392b3
├── [ 12K]  eGw.py
└── [ 512]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!