# CVE-2020-14882 HoaxShell
This Python script exploits a remote code execution vulnerability in Oracle WebLogic Server (CVE-2020-14882) to execute commands on a vulnerable target server and capture their output through HTTP requests. It first prompts for a target WebLogic URL and a network interface, then enters a loop in which the user can input commands. For each command, it automatically allocates an available port and creates a temporary HTTP listener on that port. The script wraps the command in a PowerShell command that runs on the target WebLogic system and sends its output back to the listener via an HTTP POST request. A separate thread listens for that POST while the main thread sends the exploit to the target through WebLogic's console portal. Once the POST arrives, the listener thread prints the full HTTP request (including headers and body) to standard output and signals completion. Finally, the port is closed, and the user can enter another command or exit the program.
```
[4.0K] /data/pocs/9a01a341289224acc91a7cd04e7ddd03dee66b41
├── [4.8K] cve_2020_14882.py
└── [1.0K] README.md

0 directories, 2 files
```