-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Weblogic_serialize_rawobject CVE-2015-4852 #11131
Conversation
documentation/modules/exploit/multi/misc/weblogic_deserialize_rawobject.md
Outdated
Show resolved
Hide resolved
Co-Authored-By: acamro <acamro@users.noreply.github.com>
Co-Authored-By: acamro <acamro@users.noreply.github.com>
…rawobject.md Co-Authored-By: acamro <acamro@users.noreply.github.com>
There's currently a PR #11125 open to deal with automatically generating YSOserial payloads. Unfortunately I'm not sure if it will land any time soon. Generally, in instances where there's giant blobs of serialized data, it's nice to have accompanying comments which describe the commands used to generate the blob. |
documentation/modules/exploit/multi/misc/weblogic_deserialize_rawobject.md
Show resolved
Hide resolved
I've added additional comments to the serialized blobs for clarity. |
…nd other small fixes
@acamro : Please see my comment in the other PR: #11134 (comment). Thanks!! |
Release NotesThe multi/misc/weblogic_deserialize_rawobject exploit module has been added to the framework. This exploit leverages a JSO deserialization vulnerability against Oracle WebLogic v10.3.6.0 and v12.1.3.0. |
While landing PR rapid7#11131, I overwrote weblogic_deserialize_rawobject.rb with weblogic_deserialize_unicastref.rb, destroying my changes and introducing a great deal of confusion.
While landing PR rapid7#11131, I overwrote weblogic_deserialize_rawobject.rb with weblogic_deserialize_unicastref.rb, destroying my changes and introducing a great deal of confusion.
While landing PR rapid7#11131, I tripped over my own shoelaces and overwrote `weblogic_deserialize_rawobject.rb` with `weblogic_deserialize_unicastref.rb`, destroying my changes and introducing a great deal of confusion. This PR gets us back to where we should have been, with rapid7#11131 landed and a few changes to add randomization and expanding on the T3 protocol.
Hi everyone,
Please, add this exploit module for CVE-2015-4852, Oracle Weblogic Deserialization Vulnerability,
It was tested on Windows 7 x64 with Oracle Weblogic Server v10.3.6.0 and v12.1.3.0
TODO
Test on Linux
Test on Solaris
Improve the documentation
DEMO
Verification
msfconsole
use exploit/multi/misc/weblogic_deserialize_rawobject