Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-2725 PoC — Oracle Fusion Middleware WebLogic Server组件访问控制错误漏洞

Source
https://github.com/kerlingcode/CVE-2019-2725
Associated Vulnerability
Title:Oracle Fusion Middleware WebLogic Server组件访问控制错误漏洞 (CVE-2019-2725)
Description:Oracle Fusion Middleware(Oracle融合中间件)是美国甲骨文(Oracle)公司的一套面向企业和云环境的业务创新平台。该平台提供了中间件、软件集合等功能。WebLogic Server是其中的一个适用于云环境和传统环境的应用服务器组件。 部分版本WebLogic中默认包含的wls9_async_response包,为WebLogicServer提供异步通讯服务。由于该WAR包在反序列化处理输入信息时存在缺陷,攻击者可以发送精心构造的恶意HTTP请求,获得目标服务器的权限,在未授权
Description
CVE-2019-2725 bypass pocscan and exp
Readme
# CVE-2019-2725 bypass

## tips
coded in python3,payload[here](https://github.com/jiansiting/CVE-2019-2725 "here")</br>
that payload only work in jdk6</br>
![](https://github.com/kerlingcode/CVE-2019-2725/blob/master/bug.png)
## exp
usage: usage:exp.py 127.0.0.1:8080 whoami</br>
![](https://github.com/kerlingcode/CVE-2019-2725/blob/master/exp.png)</br>
![](https://github.com/kerlingcode/CVE-2019-2725/blob/master/exp2.png)</br>
## poc
after edit the ip.txt,programe will check the ip in ip.txt,testing if the vulnerability exist or not :
</br>
![](https://github.com/kerlingcode/CVE-2019-2725/blob/master/poc.png)
File Snapshot

 [4.0K]  /data/pocs/cda67edc741830288e31285e8490c54cb8b3a7be
├── [ 80K]  bug.png
├── [ 40K]  exp2.png
├── [ 19K]  exp.png
├── [4.9K]  poc.png
├── [ 617]  README.md
└── [4.0K]  weblogic
    ├── [4.0K]  exp
    │   ├── [172K]  payload.txt
    │   └── [ 582]  weblogic_exp.py
    ├── [4.0K]  poc
    │   ├── [  89]  ip.txt
    │   ├── [172K]  payload.txt
    │   ├── [  37]  readme.txt
    │   └── [ 800]  weblogic_poc.py
    └── [  53]  readme.txt

3 directories, 12 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.