CVE-2017-10366 PoC — Oracle PeopleSoft Products PeopleSoft Enterprise PT PeopleTools组件安全漏洞

Source

Associated Vulnerability

Description

CVE-2017-10366: Oracle PeopleSoft 8.54, 8.55, 8.56 Java deserialization exploit

Readme

# CVE-2017-10366: Oracle PeopleSoft 8.54, 8.55, 8.56 Java deserialization exploit

This script automates the exploitation of a Java deserialization vulnerability
in Oracle PeopleSoft, originally discovered by Vahagn Vardanyan.

This exploit requires ysoserial.jar to generate cross-platform serialized
Java payloads. ysoserial must be in the same directory as this script.

PS: It uses ysoserial-modified.jar, which can be found in https://github.com/pimps/ysoserial-modified/

Copyright 2016-2018, Blaze Information Security

File Snapshot

 [4.0K]  /data/pocs/94eb356831b79f7268f59e2d350cb22dd94f32ea
├── [3.7K]  CVE-2017-10366_peoplesoft.py
└── [ 526]  README.md

0 directories, 2 files

Remarks