CNVD-C-2019-48814 work on linux and windows(CVE-2019-2725)

WebLogic wls9-async反序列化远程命令执行漏漏洞

说明

It's does't work when weblogic patched for cve-2017-10271
- 10.3.6.0
- 12.1.3.0

基于jas502n的脚本修改而成

使用

python async_command_favicon_all.py http://127.0.0.1:7001

漏洞复现

1. Windows Server 2012

servers/AdminServer/tmp/_WL_internal/bea_wls_internal/9j4dqk/war/favicon.ico

2. Windows Server 2012

servers/myserver/tmp/_WL_internal/bea_wls_internal/uwyp3r/war/favicon.ico
- when you create WLS domain with terminal, it will create myserver instead of AdminServer which create WLS domain by invoking the GUI configurationwizard.

3. Linux

servers/AdminServer/tmp/_WL_internal/bea_wls_internal/9j4dqk/war/favicon.ico

参考链接

Weblogic反序列化远程代码执行漏洞（CVE-2019-2725）分析报告

Bypass patch for CVE-2017-10271

Oracle Security Alert Advisory - CVE-2019-2725

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
images		images
LICENSE		LICENSE
README.md		README.md
async_command_favicon_all.py		async_command_favicon_all.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CNVD-C-2019-48814 work on linux and windows(CVE-2019-2725)

说明

使用

漏洞复现

1. Windows Server 2012

2. Windows Server 2012

3. Linux

参考链接

About

Releases

Packages

Languages

License

skytina/CNVD-C-2019-48814-COMMON

Folders and files

Latest commit

History

Repository files navigation

CNVD-C-2019-48814 work on linux and windows(CVE-2019-2725)

说明

使用

漏洞复现

1. Windows Server 2012

2. Windows Server 2012

3. Linux

参考链接

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages