A Server-Side Request Forgery vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management) allows unauthenticated remote attackers with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. This module uses the previous vulnerability to upload a jsp webshell into the PSEMHUB.war directory to deploy a network agent via the /PSIGW/HttpListeningConnector endpoint. First, the module will validate the vulnerability by using a random string as operation. If the target is vulnerable, the response should be a base64 encoded java string object with the text "Invalid Operation specified" Then, the module will use the REGISTER_WITH_PEERNAME operation, to get a valid peer ObjectName Then, the module will use the HANDLE_MESSAGE operation with an embedded ExecuteProcessActivityCommand object to create the jsp webshell file inside the PSEMHUB.war directory (a web-accessible location). Finally, the module will make a request to the webshell to deploy the network agent. The deployed agent will run with the same user privileges as the target software.
CVE Link
Exploit Platform
Exploit Type
Product Name