CVE-2018-2628 PoC — Oracle Fusion Middleware 代码问题漏洞

Source

https://github.com/aedoo/CVE-2018-2628-MultiThreading

Associated Vulnerability

Title:Oracle Fusion Middleware 代码问题漏洞 (CVE-2018-2628)
Description:Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Description

WebLogic WLS核心组件反序列化漏洞多线程批量检测脚本 CVE-2018-2628-MultiThreading

Readme

# WebLogic WLS核心组件反序列化漏洞 #

# CVE-2018-2628 #

用法：将需要检测的 ip:port 放入同目录下的url.txt文件中。然后运行：（代码93行处修改线程数）

`python CVE-2018-2628-MultiThreading.py` 

Usage: Place the 'ip:port' to be detected into the url.txt file in the same directory. Then run:

`python CVE-2018-2628-MultiThreading.py` 



运行环境： python2

environment：python2

File Snapshot


 [4.0K]  /data/pocs/14e9535f0cd6d0136f47c88df1c1954e33677784
├── [7.6K]  CVE-2018-2628-MultiThreading.py
├── [ 427]  README.md
└── [  16]  url.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!