The vulnerability exists in the BneMultipartRequest class, which handles file uploads for the Oracle Web Applications Desktop Integrator (Web ADI). Arbitrary File Upload leading to RCE.
Attackers use or directory traversal techniques within the ZIP to place a malicious JSP web shell into a reachable web directory. 🔍 Inside a Typical "hax.zip" Payload hAX.zip
The ZIP contains files with paths like ../../../../path/to/shell.jsp to escape the intended upload folder. hAX.zip
Restrict write permissions on web-accessible directories to prevent the execution of uploaded scripts. hAX.zip
Once decoded, the resulting ZIP file is extracted by the server.