关联漏洞
标题:
Oracle WebLogic Server 安全漏洞
(CVE-2014-4210)
描述:Oracle WebLogic Server是美国甲骨文(Oracle)公司的一款适用于云环境和传统环境的应用服务器,它提供了一个现代轻型开发平台,支持应用从开发到生产的整个生命周期管理,并简化了应用的部署和管理。 Oracle Fusion Middleware 10.0.2.0和10.3.6.0版本的Oracle WebLogic Server组件中的WLS - Web Services子组件存在安全漏洞。远程攻击者可利用该漏洞读取数据,影响数据的保密性。
描述
CVE-2014-4210 SSRF PORTSCANNER PoC
介绍
# CVE-2014-4210 SSRF PORTSCANNER PoC
Author: Aaron Mizrachi (unmanarc) <aaron@unmanarc.com>
Twitter: https://twitter.com/unmanarc
License: LGPLv3
## Liability / Legal Disclaimer
This project is made for EDUCATIONAL and ETHICAL TESTING purposes ONLY. Using of source code in this repository for attacking targets without prior signed mutual consent is ILLEGAL.
I take NO responsibility and/or liability for how you choose to use any of information including source code in this repository. By accessing and using any of files in this repository, you AGREE TO USE AT YOUR OWN RISK. Once again, ALL files available here are for EDUCATIONAL and ETHICAL TESTING purposes ONLY.
## Functionality
This program is a proof of concept of CVE-2014-4210 bug present in WebLogic.
It takes advantage of the SSRF bug to check if some port is open or closed,
It can be used to port scan remote ports.
## References
* https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
## How it works
uddi explorer uses JS to display the web, so it was not easy to make a console-based JS interpreter to decode the information (like a curl with bash).
therefore, I opted to use a embedded web browser to execute the request with the SSRF vulnerability. This runs in a loop and gets remote open ports.
## How to build
first download/clone this repo and cd into it, then:
```
qmake-qt5 .
make
```
You may also use qtcreator to build, just open the .pro project file with it and run.
文件快照
[4.0K] /data/pocs/3f8aa880e7b89938c5af0ba0c9b128c22b3209eb
├── [1.1K] CVE-2014-4210-SSRF-PORTSCANNER-POC.pro
├── [4.0K] htmls
│ └── [1.6K] in.html
├── [4.0K] icons
│ └── [1.9K] iconfinder_Hacker_379509.svg
├── [4.0K] images
│ └── [159K] screenshot01.jpg
├── [7.5K] LICENSE
├── [ 188] rc.qrc
├── [1.5K] README.md
├── [4.0K] src
│ ├── [ 363] main.cpp
│ ├── [2.3K] mainwindow.cpp
│ ├── [ 676] mainwindow.h
│ ├── [3.8K] mainwindow.ui
│ ├── [ 239] webpage.cpp
│ └── [ 282] webpage.h
└── [4.0K] styles
└── [ 12K] manjaro.qss
5 directories, 14 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。