CVE-2021-35587 POC

id: CVE-2021-35587
info:  name: Pre-auth RCE in Oracle Access Manager  author: cckuailong  description: |    Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.  severity: critical  reference:    - https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316    - https://nvd.nist.gov/vuln/detail/CVE-2021-35587  classification:    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H    cvss-score: 9.80    cve-id: CVE-2021-35587    cwe-id: CWE-502  metadata:    fofa-query: body="/oam/pages/css/login_page.css"  tags: cve,cve2021,oam,rce,java,unauth
requests:  - method: GET    path:      - '{{BaseURL}}/oam/server/opensso/sessionservice'
    matchers-condition: and    matchers:      - type: status        status:          - 200
      - type: word        case-insensitive: true        words:          - "X-ORACLE-DMS-ECID"          - "X-ORACLE-DMS-RID"        part: header        condition: or
      - type: word        words:          - "/oam/pages/css/general.css"          - "login-footer-version"          - "Oracle Corporation"        part: body        condition: and