Pwning Oracle EBS for Real Profit

Explore a comprehensive conference talk from Ekoparty Security Conference 2019 that delves into exploiting Oracle E-Business Suite (EBS) for financial gain. Learn about two critical vulnerabilities discovered by security researchers Gaston Traberg and Martin Doyhenard: a Java Deserialization leading to SQL injection and an Arbitrary File Upload allowing OS command execution. Understand how attackers can leverage ERP systems to process fraudulent transactions and generate real cashable checks. Gain insights into the potential risks faced by medium to large organizations using ERP applications for sensitive business operations. Discover the intersection between technical exploitation and insider knowledge of financial systems, and witness a live demonstration of tricking a target system into printing an actual check.

Gaston Traberg & Martin Doyhenard - Pwning Oracle EBS for Real Profit - Ekoparty 2019