This Metasploit module exploits an authentication bypass vulnerability in login.php. In conjunction with the authentication bypass issue, the 'jlist' parameter in property_box.php can be used to execute arbitrary system commands. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0
a6b9f81b959d5734b4b0566c794ef98effe3e6416939923022fc0bcd168099f4