CVE-2020-2883 PoC — Oracle Fusion Middleware Security Vulnerability

Associated Vulnerability
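Title: Oracle Fusion Middleware Security Vulnerability (CVE-2020-2883)
Description: Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments from Oracle Corporation (USA). The platform provides middleware, software suites, and related functionality. A security vulnerability exists in the Core component of WebLogic Server in Oracle Fusion Middleware. An attacker can exploit this vulnerability to take control of WebLogic Server, affecting the availability, confidentiality, and integrity of data. The following products and versions are affected: WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0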
Description
Proof of concept for Weblogic CVE-2020-2883
Readme
# POC for weblogic CVE-2020-2883

poc1:

```text
javax.management.BadAttributeValueExpException.readObject()
  com.tangosol.internal.sleepycat.persist.evolve.Mutations.toString()
    java.util.concurrent.ConcurrentSkipListMap$SubMap.size()
    java.util.concurrent.ConcurrentSkipListMap$SubMap.isBeforeEnd()
      java.util.concurrent.ConcurrentSkipListMap.cpr()
        com.tangosol.util.comparator.ExtractorComparator.compare()
          com.tangosol.util.extractor.ChainedExtractor.extract()
          com.tangosol.util.extractor.ReflectionExtractor.extract()
            Method.invoke()
            //...
          com.tangosol.util.extractor.ReflectionExtractor.extract()
            Method.invoke()
              Runtime.exec()
```

poc2:

```text
java.util.PriorityQueue.readObject()
  java.util.PriorityQueue.heapify()
  java.util.PriorityQueue.siftDown()
  java.util.PriorityQueue.siftDownUsingComparator()
  com.tangosol.util.extractor.AbstractExtractor.compare()
    com.tangosol.util.extractor.MultiExtractor.extract()
      com.tangosol.util.extractor.ChainedExtractor.extract()
        //...
        Method.invoke()
          //...
          Runtime.exec()
```
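
For detection, the class names in both chains can be looked for in captured request bytes. The following is an added example, not code from this repository: it assumes the raw bytes of a request are available, walks the Java serialization stream for class descriptors, and flags the Coherence extractor classes named above. The function names and the sample byte strings are constructed for illustration.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # Java serialization magic + stream version
TC_CLASSDESC = 0x72                 # tag that introduces a class descriptor

# Class names taken from the two chains in this README.
TRIGGERS = {"javax.management.BadAttributeValueExpException",
            "java.util.PriorityQueue"}
EXTRACTORS = {"com.tangosol.util.comparator.ExtractorComparator",
              "com.tangosol.util.extractor.ChainedExtractor",
              "com.tangosol.util.extractor.MultiExtractor",
              "com.tangosol.util.extractor.ReflectionExtractor"}
CLASS_NAME = re.compile(rb"[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)+")

def class_names(buf):
    """List class names declared in TC_CLASSDESC records after the stream magic."""
    start = buf.find(STREAM_MAGIC)
    if start < 0:
        return []
    names, i = [], start + len(STREAM_MAGIC)
    while i + 3 <= len(buf):
        if buf[i] == TC_CLASSDESC:
            (n,) = struct.unpack_from(">H", buf, i + 1)  # u16 name length
            cand = buf[i + 3:i + 3 + n]
            if len(cand) == n and CLASS_NAME.fullmatch(cand):
                names.append(cand.decode("ascii"))
                i += 3 + n
                continue
        i += 1
    return names

def assess(buf):
    """'alert' = Coherence extractor plus a trigger class, 'review' = extractor only."""
    seen = set(class_names(buf))
    hits = sorted(seen & EXTRACTORS)
    if not hits:
        return "clean", []
    return ("alert" if seen & TRIGGERS else "review"), hits

def demo_desc(name):
    """Constructed sample: TC_OBJECT + a field-less class descriptor for `name`."""
    raw = name.encode("ascii")
    return (b"\x73\x72" + struct.pack(">H", len(raw)) + raw
            + b"\x00" * 8 + b"\x02\x00\x00\x78\x70")

SAMPLE_SUSPECT = b"\x00\x00\x01" + STREAM_MAGIC + b"".join(map(demo_desc, [
    "java.util.PriorityQueue", "com.tangosol.util.extractor.ChainedExtractor",
    "com.tangosol.util.extractor.ReflectionExtractor"]))
SAMPLE_BENIGN = STREAM_MAGIC + demo_desc("java.util.ArrayList")
```

A hit only says that these class names are declared in the stream; it does not show that a chain is complete or that the target is unpatched.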

## Caution

1. The Coherence package must be imported as a dependency.
2. Construct the T3 request yourself.

## Reference

https://www.thezdi.com/blog/2020/5/8/details-on-the-oracle-weblogic-vulnerability-being-exploited-in-the-wild

File Snapshot

```
[4.0K] /data/pocs/b79e9559fd563e358db0ff23f0290d6be07bece8
├── [ 806] pom.xml
├── [1.4K] README.md
├── [4.0K] src
│   └── [4.0K] main
│       └── [4.0K] java
│           ├── [4.6K] Gadget1.java
│           └── [3.6K] Gadget2.java
└── [  80] weblogic_cve-2020-2883.iml

3 directories, 5 files
```