CVE-2014-4210 PoC — Oracle WebLogic Server 安全漏洞

Source

Associated Vulnerability

Description

Weblogic SearchPublicRegistries SSRF(CVE-2014-4210) Exploit Script based on Python3

Readme

# WebLogic-SSRF_CVE-2014-4210
Weblogic SearchPublicRegistries SSRF(CVE-2014-4210) Exploit Script based on Python3
# Usage
optional arguments:  
  -h, --help        show this help message and exit  
  -u U        Single Target URL  
  -uf UF        Read URLs from file  
  -p P        Only scan specified ports  
  -sn SN        Only scan specified subnets  
  -sf SF        Only scan IP in files  
  --timeout TIMEOUT        Specify the timeout,default 2s  
  --header HEADER        Specify HTTP request header parameters and values, JSON format  
  -d        Only detect whether the vulnerability exists  
  -A        Only scan default Class A subnet  
  -B        Only scan default Class B subnet  
  -C        Only scan default Class C subnet  
# Example
Detect a single URL for vulnerabilities  
![Image text](https://github.com/NHPT/WebLogic-SSRF_CVE-2014-4210/blob/main/img/d.png)  
Detect multiple URLs for vulnerabilities  
![Image text](https://github.com/NHPT/WebLogic-SSRF_CVE-2014-4210/blob/main/img/uf.png)  
Detect the common ports open on the specified network segment  
![Image text](https://github.com/NHPT/WebLogic-SSRF_CVE-2014-4210/blob/main/img/sn.png)  

File Snapshot

 [4.0K]  /data/pocs/56a04cc76c33801d4889a96bf69052504b0301e1
├── [4.0K]  img
│   ├── [3.9K]  d.png
│   ├── [3.4K]  sn.png
│   └── [ 12K]  uf.png
├── [1.7K]  README.md
├── [7.1K]  Weblogic_SSRF.json
└── [9.0K]  Weblogic-SSRF.py

1 directory, 6 files

Remarks