Exploit for CVE-2021-35587

## https://sploitus.com/exploit?id=27AD78EB-7B32-58E2-B2B6-6DFA709576AB
* CVE-2021-35587
--------
** Description
    - POC for CVE-2021-35587: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
    - create by antx at 2022-03-14.
--------
** Detail
    - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent).
    - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
    - Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.
--------
** CVE Severity
    - attackComplexity: LOW
    - attackVector: NETWORK
    - availabilityImpact: HIGH
    - confidentialityImpact: HIGH
    - integrityImpact: HIGH
    - privilegesRequired: NONE
    - scope: UNCHANGED
    - userInteraction: NONE
    - version: 3.1
    - baseScore: 9.8
    - baseSeverity: CRITICAL
--------
** Affect
    - Access Manager
        - 11.1.2.3.0
        - 12.2.1.3.0
        - 12.2.1.4.0
--------
** POC
    - [[./CVE-2021-35587.py][Poc]]
--------
** Reference
    - Ref-Source
        - [[https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316][Oracle Access Manager pre-authentication Remote Code Execution CVE-2020-35587]]
        - [[https://github.com/cckuailong/reapoc/blob/4eb15938ed9f44aa7db47fdbb88bc45f556b02bb/2021/CVE-2021-35587/poc/nuclei/CVE-2021-35587.yaml][Nuclei POC <CVE-2021-35587>]]
    - Ref-Risk
        - [[https://nvd.nist.gov/vuln/detail/CVE-2021-35587][NVD<CVE-2021-35587>]]
    - CVE
        - [[https://github.com/CVEProject/cvelist/blob/master/2021/35xxx/CVE-2021-35587.json][CVE-2021-35587]]
        - [[https://nvd.nist.gov/vuln/detail/CVE-2021-35587][NVD<CVE-2021-35587>]]
    - Ref-Poc-Engine
        - [[https://github.com/antx-code/pocx][pocx]]