CVE-2015-4852 PoC — Oracle WebLogic Server WLS Security组件安全漏洞

Source

https://github.com/AndersonSingh/serialization-vulnerability-scanner

Associated Vulnerability

Title:Oracle WebLogic Server WLS Security组件安全漏洞 (CVE-2015-4852)
Description:Oracle WebLogic Server是美国甲骨文（Oracle）公司的一款适用于云环境和传统环境的应用服务器，它提供了一个现代轻型开发平台，支持应用从开发到生产的整个生命周期管理，并简化了应用的部署和管理。WLS Security是其中的一个安全组件。 Oracle WebLogic Server的WLS Security组件中存在安全漏洞。远程攻击者可借助发送到TCP 7001端口的T3协议流量中特制的序列化Java对象，利用该漏洞执行任意命令。

Description

CVE-2015-4852 Oracle WebLogic Scanner

File Snapshot


 [4.0K]  /data/pocs/f61ea5e7566fe91de3109c1a6100cd8c11101ec1
├── [ 449]  custom_script_results.txt
├── [1.3K]  nmap_scanner.py
├── [ 454]  nmap_script_results.txt
├── [2.8K]  scanner.py
└── [  58]  targets.txt

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!