Hax.zip

The vulnerability exists in the BneMultipartRequest class, which handles file uploads for the Oracle Web Applications Desktop Integrator (Web ADI). Arbitrary File Upload leading to RCE.

Attackers use a specially crafted ZIP file (often named hax.zip in security write-ups) to bypass directory restrictions. Mechanism: The system accepts a uuencoded file. hAX.zip

Look for unusual ZIP extractions in system logs or the presence of .jsp files in unexpected directories like /OA_HTML/ . hAX.zip