Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Exploit

A vulnerability exists in the UploadFileAction servlet. By providing a fileType parameter of "*" to the UploadFileUpload page, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack.
Exploit type: 
Vulnerabilty ID: 
Product Version: 
Released Date: 
Tuesday, February 23, 2016 - 00:00