{"id":19069560,"url":"https://github.com/gobysec/weblogic","last_synced_at":"2026-02-28T19:32:33.941Z","repository":{"id":153330804,"uuid":"628968876","full_name":"gobysec/Weblogic","owner":"gobysec","description":"WebLogic vulnerability exploration from beginner to expert.","archived":false,"fork":false,"pushed_at":"2023-04-27T10:57:20.000Z","size":149,"stargazers_count":156,"open_issues_count":1,"forks_count":20,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-02-22T03:42:00.547Z","etag":null,"topics":["cve-2023-21839","cve-2023-21931","weblogic"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gobysec.png","metadata":{"files":{"readme":"README-zh.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-17T11:00:26.000Z","updated_at":"2025-01-11T21:24:48.000Z","dependencies_parsed_at":null,"dependency_job_id":"a7e65792-1f78-4c30-9b45-0442eb4ed18d","html_url":"https://github.com/gobysec/Weblogic","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/gobysec/Weblogic","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gobysec%2FWeblogic","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gobysec%2FWeblogic/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gobysec%2FWeblogic/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gobysec%2FWeblogic/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gobysec","download_url":"https://codeload.github.com/gobysec/Weblogic/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gobysec%2FWeblogic/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29948879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-28T18:42:55.706Z","status":"ssl_error","status_checked_at":"2026-02-28T18:42:48.811Z","response_time":90,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2023-21839","cve-2023-21931","weblogic"],"created_at":"2024-11-09T01:14:46.194Z","updated_at":"2026-02-28T19:32:33.912Z","avatar_url":"https://github.com/gobysec.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"[English](https://github.com/gobysec/Weblogic/blob/main/README.md)｜ [中文](https://github.com/gobysec/Weblogic/blob/main/README-zh.md)\n\n# WebLogic漏洞研究专题\n\n## [*Weblogic CVE-2023-21931 漏洞挖掘技巧：后反序列化利用* ](https://github.com/gobysec/Weblogic/blob/main/WebLogic_CVE-2023-21931_zh_CN.md)\n\n摘要：近些年，Weblogic反序列化漏洞一直围绕着反序列化的触发点进行漏洞挖掘，事实上还有很多存在反序列化但无法实时利用的点，在大家平时的漏洞挖掘中容易忽略。在行业内也有一些关于”后反序列化“的进一步讨论，这些看似无法利用的漏洞，其实可以通过一些后续的技巧完成稳定的利用效果。例如，进行`bind()`或`rebind()`操作后，并没有触发漏洞，此时可以尝试其他方法如`lookup()`、`lookupLink()`等触发漏洞。\n通过这种思路我们发现了两个Weblogic的后反序列化漏洞（CVE-2023-21931、CVE-2023-21839），获得了Oracle的官方确认。本文以这两个Weblogic漏洞为例，分享\"后反序列化漏洞\"的利用思路。我们相信还有很多这类的漏洞在未来会逐渐被挖掘出来，希望本篇文章能够给大家一些启发。\n\n[CVE-2023-21931](https://github.com/gobysec/GobyVuls/blob/master/CVE-2023-21931.md)\n\n\n## [*越语言的艺术：Weblogic序列化漏洞与IIOP协议* ](https://github.com/gobysec/Weblogic/blob/main/Weblogic_Serialization_Vulnerability_and_IIOP_Protocol_zh_CN.md)\n\n摘要：Weblogic 的序列化漏洞主要依赖于 T3 和 IIOP 协议，这两种协议在通信交互的过程中存在如跨语言、网络传输等方面的诸多问题，会给漏洞的检测和利用带来许多不便。在白帽汇安全研究院的理念中，漏洞检测和利用是一项需要创造性的工作，应该以最简洁，高效的方式实现，这样才能确保漏洞的跨平台和实用性。因此，我们通过跨语言方式实现 IIOP 协议通信，以解决出现的序列化漏洞问题。\n在 Goby 中的 CVE-2023-21839 漏洞中，我们成功的实现了IIOP 协议跨语言通信的方案，实现了完美漏洞的检测与利用效果。\n\n## [*WebLogic Coherence 组件漏洞总结分析* ](https://github.com/gobysec/Weblogic/blob/main/WebLogic_Coherence_Component_zh_CN.md)\n\n摘要：本文涉及的漏洞有：CVE-2021-2135 ，CVE-2021-2394，CVE-2020-2555，CVE-2020-2883，CVE-2020-14645，CVE-2020-14825 ， CVE-2020-14841，CVE-2020-14756\n近些年，weblogic Coherence 组件反序列化漏洞被频繁爆出，苦于网上没有公开对 weblogic Coherence 组件历史反序列化漏洞的总结，导致很多想入门或者了解 weblogic Coherence 组件反序列化漏洞的朋友不知道该怎么下手，于是本文便对 weblogic Coherence 组件历史反序列化漏洞做出了一个总结和分析。\n\n## [*Weblogic CVE-2021-2394反序列化漏洞分析* ](https://github.com/gobysec/Weblogic/blob/main/Analysis_of_CVE-2021-2394_zh_CN.md)\n\n摘要：在2021年7月21日，Oracle官方发布了一系列安全更新。涉及旗下产品（Weblogic Server、Database Server、Java SE、MySQL等）的 342 个漏洞。其中，Oracle WebLogic Server 产品中有高危漏洞，漏洞编号为 CVE-2021-2394，CVSS 评分9.8分，影响多个 WebLogic 版本，且漏洞利用难度低，可基于 T3 和 IIOP 协议执行远程代码。\n\n## [*Weblogic 远程命令执行漏洞（CVE-2020-14645）分析* ](https://github.com/gobysec/Weblogic/blob/main/Analysis_of_CVE-2020-14645_zh_CN.md)\n\n摘要：近期公布的关于 Weblogic 的反序列化RCE漏洞 CVE-2020-14645，是对 CVE-2020-2883的补丁进行绕过。之前的 CVE-2020-2883 本质上是通过 ReflectionExtractor 调用任意方法，从而实现调用 Runtime 对象的 exec 方法执行任意命令，补丁将 ReflectionExtractor 列入黑名单，那么可以使用 UniversalExtractor 重新构造一条利用链。UniversalExtractor 任意调用 get、is方法导致可利用 JDNI 远程动态类加载。UniversalExtractor 是 Weblogic 12.2.1.4.0 版本中独有的，本文也是基于该版本进行分析。\n\n## [*Weblogic 远程命令执行漏洞（CVE-2020-14644）分析* ](https://github.com/gobysec/Weblogic/blob/main/Analysis_of_CVE-2020-14644_zh_CN.md)\n\n2020 年 7 月 15 日，Oracle 发布大量安全修复补丁，其中 CVE-2020-14644 漏洞被评分为 9.8 分，影响版本为 12.2.1.3.0、12.2.1.4.0, 14.1.1.0.0 。本文基于互联网公开的 POC 进行复现、分析，最终实现无任何限制的 defineClass + 实例化，进行实现 RCE。\n\n\u003cbr/\u003e\n\n\u003cbr/\u003e\n\n**[Goby 官网: https://gobysec.net/](https://gobysec.net/)** \n\n如果您有任何反馈建议，您可通过提交 issue 或是以下方式联系我们：\n\n1. GitHub issue: [https://github.com/gobysec/Goby/issues](https://github.com/gobysec/Goby/issues)\n2. 微信群：关注公众号“GobySec“，回复暗号”加群“ （社群优势：可第一时间了解Goby功能发布、活动等咨询）\n3. Telegram Group: [http://t.me/gobies](http://t.me/gobies) \n4. 推特：[https://twitter.com/GobySec](https://twitter.com/GobySec)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgobysec%2Fweblogic","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgobysec%2Fweblogic","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgobysec%2Fweblogic/lists"}