CVE-2024-21006 PoC — Oracle Fusion Middleware 的 Oracle WebLogic Server 安全漏洞

Source

https://github.com/lightr3d/CVE-2024-21006_jar

Associated Vulnerability

Title:Oracle Fusion Middleware 的 Oracle WebLogic Server 安全漏洞 (CVE-2024-21006)
Description:Oracle Fusion Middleware（Oracle融合中间件）和Oracle WebLogic Server都是美国甲骨文（Oracle）公司的产品。Oracle Fusion Middleware是一套面向企业和云环境的业务创新平台。该平台提供了中间件、软件集合等功能。Oracle WebLogic Server是一款适用于云环境和传统环境的应用服务中间件，它提供了一个现代轻型开发平台，支持应用从开发到生产的整个生命周期管理，并简化了应用的部署和管理。 Oracle Fusion Middl

Description

CVE-2024-21006 exp

Readme

# CVE-2024-21006_jar
exp代码参考：https://github.com/momika233/CVE-2024-21006

这里将源代码编译成了一个jar包，方便使用。lib下是依赖文件，如果想修改源码可自行编译。



### 使用

```
java -jar CVE-2024-21006.jar <ip> <port> <ldapUrl>
```

![](./image/01.png)

![](./image/02.png)



复现过程遇到的问题：https://github.com/momika233/CVE-2024-21006/issues/1



### 参考

https://blog.csdn.net/zwy15288408160/article/details/138189146

https://blog.csdn.net/m0_46109609/article/details/114373594

File Snapshot


 [4.0K]  /data/pocs/ca009754766a25528a61b18ddf5c68dcc6b164ae
├── [ 58M]  CVE-2024-21006.jar
├── [4.0K]  image
│   ├── [ 41K]  01.png
│   └── [140K]  02.png
├── [4.0K]  lib
│   ├── [1.3M]  com.oracle.weblogic.application.jar
│   ├── [ 35M]  weblogic.jar
│   └── [ 52M]  wlfullclient.jar
├── [ 556]  README.md
└── [4.0K]  src
    ├── [4.0K]  META-INF
    │   └── [  75]  MANIFEST.MF
    └── [4.0K]  org
        └── [4.0K]  example
            └── [3.6K]  messageDestinationReference.java

6 directories, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!