CVE-2023-21931 PoC — Oracle WebLogic Server 安全漏洞

Source

https://github.com/TimeSHU/weblogic_CVE-2023-21931_POC-EXP

Associated Vulnerability

Title:Oracle WebLogic Server 安全漏洞 (CVE-2023-21931)
Description:Oracle WebLogic Server是美国甲骨文（Oracle）公司的一款适用于云环境和传统环境的应用服务中间件，它提供了一个现代轻型开发平台，支持应用从开发到生产的整个生命周期管理，并简化了应用的部署和管理。 Oracle WebLogic Server 12.2.1.3.0版本、12.2.1.4.0版本和14.1.1.0.0版本存在安全漏洞，该漏洞源于允许未经身份验证的攻击者通过T3网络访问来破坏Oracle WebLogic Server，攻击者利用该漏洞可能导致对关键数据的未授权访问或对所

Readme

# POC&EXP of CVE-2023-21931

[**CVE-2023-21931 Analysis Article**](https://medium.com/@MMMarch7/unpacking-cve-2023-21931-a-comprehensive-analysis-of-the-weblogic-vulnerability-with-poc-exp-f2927e881572)

**[JNDI-Injection-Exploit](https://github.com/welk1n/JNDI-Injection-Exploit)**

## Description

Before running the PoC script, it's advisable to add the following JAR files as library dependencies:

```
coherence\lib
oracle_common\lib
oracle_common\modules
wlserver\modules
```

## POC&EXP

https://satoshi-box.com/pay/CJhZuu

File Snapshot


 [4.0K]  /data/pocs/48b43e4f1518fc9061751666c5acd71b7ceaf5df
└── [ 531]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!