Hax.zip Today

Ensure Oracle E-Business Suite is patched against CVE-2022-21587 .

Attackers use or directory traversal techniques within the ZIP to place a malicious JSP web shell into a reachable web directory. 🔍 Inside a Typical "hax.zip" Payload hAX.zip

The vulnerability exists in the BneMultipartRequest class, which handles file uploads for the Oracle Web Applications Desktop Integrator (Web ADI). Arbitrary File Upload leading to RCE. hAX.zip