weblogic_wls_wsat_rce

Weblogic wls-wsat组件反序列化漏洞(CVE-2017-10271)利用脚本，参考https://github.com/s3xy/CVE-2017-10271修改。

命令执行并回显
直接上传shell
在linux下weblogic 10.3.6.0测试OK

使用方法及参数

python weblogic_wls_wsat_exp.py -t 172.16.80.131:7001

usage: weblogic_wls_wsat_exp.py [-h] -t TARGET [-c CMD] [-o OUTPUT] [-s SHELL]

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        weblogic ip and port(eg -> 172.16.80.131:7001)
  -c CMD, --cmd CMD     command to execute,default is "id"
  -o OUTPUT, --output OUTPUT
                        output file name,default is output.txt
  -s SHELL, --shell SHELL
                        local jsp file name to upload,and set -o xxx.jsp

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
README.md		README.md
exec.jsp		exec.jsp
weblogic_check_version.py		weblogic_check_version.py
weblogic_wls_wsat_exp.py		weblogic_wls_wsat_exp.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

exec.jsp

exec.jsp

weblogic_check_version.py

weblogic_check_version.py

weblogic_wls_wsat_exp.py

weblogic_wls_wsat_exp.py

Repository files navigation

weblogic_wls_wsat_rce

About

Releases

Packages

Languages

cjjduck/weblogic_wls_wsat_rce

Folders and files

Latest commit

History

Repository files navigation

weblogic_wls_wsat_rce

About

Resources

Stars

Watchers

Forks

Languages