CVE-2021-2302 PoC — Oracle Fusion Middleware 输入验证错误漏洞

Source

https://github.com/quynhle7821/CVE-2021-2302

Associated Vulnerability

Title:Oracle Fusion Middleware 输入验证错误漏洞 (CVE-2021-2302)
Description:Oracle Fusion Middleware（Oracle融合中间件）是美国甲骨文（Oracle）公司的一套面向企业和云环境的业务创新平台。该平台提供了中间件、软件集合等功能。 Oracle Fusion Middleware Oracle Platform Security for Java OPSS 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 存在输入验证错误漏洞，该漏洞允许未经身份验证的攻击者通过HTTP进行网络访问，从而危及Oracle平台对Java的安全性。导致Or

Readme

# CVE-2021-2302

Author: quynhle

Gadget chain
 
    javax.management.BadAttributeValueExpException.readObject()
      oracle.security.jps.az.internal.common.principals.toString()
	    oracle.security.jps.az.internal.common.principals.getResolvedPrincipal()
	         . . . con.newInstance() . . .
	      com.tangosol.coherence.mvel2.sh.ShellSession()
	      com.tangosol.coherence.mvel2.sh.ShellSession.exec()
	              . . . MVEL expression . . .
      --->   RCE
      
# Lab Environment
- Orace Weblogic Server: 12.1.2.3
- Oracle Business Intelligence: 12.1.2.4
- Oracle Database 19c

# PoC
![gif](https://user-images.githubusercontent.com/34308443/133580416-7373d471-98c9-44a6-b8a5-2248a14e1209.gif)

File Snapshot


 [4.0K]  /data/pocs/21bbd77e4a21d7e7fea6c9aaac68203e84e9d356
├── [4.0K]  lib
│   ├── [1.1M]  jps-api.jar
│   ├── [416K]  jps-az-common.jar
│   └── [9.2M]  wlthint3client.jar
├── [ 711]  README.md
└── [4.0K]  src
    └── [1.2K]  PoC_CVE_2021_2302.java

2 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!