CVE-2023-22047 Scanner - Arbitrary File Read vulnerability in Oracle PeopleSoft Enterprise PeopleTools
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 20 hours
Scan only one: URL
Oracle PeopleSoft Enterprise PeopleTools is a suite of tools used by organizations to develop, deploy, and manage PeopleSoft applications. It is widely adopted in sectors such as education, finance, and government for enterprise resource planning (ERP). This software allows users to manage business processes and enterprise data efficiently. It includes a web-based portal interface that supports user customization and workflow automation. Developers and system administrators use it to configure and secure application behavior. It is often integrated with databases and external systems for broad enterprise use.
This scanner detects an Arbitrary File Read vulnerability in Oracle PeopleSoft Enterprise PeopleTools. The flaw allows remote unauthenticated attackers to access sensitive files on the system via specially crafted URLs. Exploitation is possible through an insecure endpoint that fails to sanitize user input properly. It does not require user interaction or prior authentication, making it highly exploitable. Attackers can target Linux and Windows systems alike by specifying paths such as /etc/passwd or C:\windows\win.ini. The impact can include unauthorized access to system or user data.
The vulnerability is found in the `/RP` endpoint, where the `wsrp-url` parameter is improperly validated. An attacker can supply local file paths to this parameter, resulting in the server returning file contents. The scanner uses two payloads to attempt file read operations on both Unix-like and Windows systems. Matching responses are checked against known file contents like "root:.*:0:0:" for /etc/passwd or "bit app support" for win.ini. The presence of a 200 HTTP status and a specific content type further confirms successful exploitation. This behavior confirms the server's susceptibility to file disclosure.
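For asset owners reviewing their own logs, the following added example (not the scanner's code and not Oracle's) flags requests to the `/RP` endpoint whose `wsrp-url` value is not an ordinary http(s) URL, and records whether the server answered with a 200. It assumes combined-format access logs, that legitimate `wsrp-url` values are http(s) URLs, and that the endpoint may sit under a site prefix; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format), not from a real system.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2023:10:00:01 +0000] "GET /RP?wsrp-url=%2Fetc%2Fpasswd HTTP/1.1" 200 1821
203.0.113.7 - - [01/Aug/2023:10:00:02 +0000] "GET /RP?wsrp-url=C%3A%5Cwindows%5Cwin.ini HTTP/1.1" 404 0
198.51.100.4 - - [01/Aug/2023:10:05:00 +0000] "GET /RP?wsrp-url=https%3A%2F%2Fportal.example.com%2Fa HTTP/1.1" 200 512
198.51.100.9 - - [01/Aug/2023:10:06:00 +0000] "GET /index.html?wsrp-url=%2Fetc%2Fpasswd HTTP/1.1" 200 90
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def is_remote_http_url(value):
    """True only for a well-formed http(s) URL with a host."""
    try:
        parts = urlsplit(value.strip())
    except ValueError:
        return False  # unparseable values are treated as suspicious
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def find_suspicious_requests(log_text):
    """Return (client_ip, decoded wsrp-url value, served_with_200) tuples."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        # Assumption: the endpoint may sit under a site prefix, so match on
        # the final path segment rather than the full path.
        if target.path.rstrip("/").rsplit("/", 1)[-1] != "RP":
            continue
        for value in parse_qs(target.query, keep_blank_values=True).get("wsrp-url", []):
            if not is_remote_http_url(value):
                findings.append((m.group("ip"), value, m.group("status") == "200"))
    return findings


if __name__ == "__main__":
    for ip, value, served in find_suspicious_requests(SAMPLE_LOG):
        print(f"{ip} wsrp-url={value!r} status_200={served}")
```

A hit with `status_200=True` warrants checking the response size and the host's patch level; a hit with any other status still indicates probing.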
If exploited, attackers could read system configuration files, credential files, or other sensitive data. This can lead to further attacks, including privilege escalation or lateral movement in the network. In regulated environments, this breach could also result in compliance violations. Internal information exposure could be used for social engineering or password guessing attacks. Such vulnerabilities significantly reduce the security posture of an organization. Immediate remediation is necessary to avoid unauthorized access or data breaches.