Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Exploit

A vulnerability exists in the UploadFileAction servlet. By providing a fileType parameter of "*" to the UploadFileUpload page, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2016-0491
Product Version: 
2015_R1
Released Date: 
Tuesday, February 23, 2016 - 00:00