Create oracle-ebs-registration-enabled.yaml

2026-01-31 07:43:27 +08:00 · 2026-01-19 10:34:27 +05:30
parent 17e36fdbe3
commit 971cb4edf3
1 changed files with 35 additions and 0 deletions
--- a/http/misconfiguration/oracle-ebs-registration-enabled.yaml
+++ b/http/misconfiguration/oracle-ebs-registration-enabled.yaml
@@ -0,0 +1,35 @@
+id: oracle-ebs-registration-enabled
+
+info:
+  name: Oracle EBS - Registration Enabled
+  author: theamanrawat
+  severity: info
+  description: |
+    Detected if the User Management (UMX) Self-Service Registration page is accessible in Oracle E-Business Suite. This feature allows external users to create accounts, which may not be desirable for all deployments.
+  reference:
+    - https://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
+  metadata:
+    shodan-query: html:"OA_HTML"
+    fofa-query: body="OA_HTML"
+  tags: oracle,ebs,registration,exposure
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/OA_HTML/OA.jsp?page=/oracle/apps/fnd/umx/login/webui/NewUserRegPG"
+      - "{{BaseURL}}/OA_HTML/ibeCAcpSSOReg.jsp"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "Register"
+          - "OA_HTML/loadCSRFGuard"
+          - "OA_MEDIA"
+        condition: and
+
+      - type: status
+        status:
+          - 200