CVE-2019-2725 PoC — Oracle Fusion Middleware WebLogic Server组件访问控制错误漏洞

Source

https://github.com/welove88888/CVE-2019-2725

Associated Vulnerability

Title:Oracle Fusion Middleware WebLogic Server组件访问控制错误漏洞 (CVE-2019-2725)
Description:Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Readme

# CVE-2019-2725
# weblogic命令回显+webshell上传<br/>
**免责声明:本工具仅供安全测试学习用途,禁止非法使用**<br/>
**weblogic命令回显+webshell上传**<br/>
脚本简介：<br/>
本脚本是基于weblogic 10.3.6和12.1.3版本进行测试，并用python3编写。<br/>
10.3.6使用的jdk7u21的payload<br/>
12.1.3使用的org.slf4j.ext.EventData类二次反序列化<br/>
py依赖的第三方库 requests、logzero<br/>
## 基础参数：
![10.0.3效果图](https://github.com/TopScrew/CVE-2019-2725/blob/master/1560144446677.jpg)
## 命令回显：
![10.0.3效果图](https://github.com/TopScrew/CVE-2019-2725/blob/master/1560144585337.jpg)
## Webshell上传：
![10.0.3效果图](https://github.com/TopScrew/CVE-2019-2725/blob/master/1560144774408.jpg)

参考：https://mp.weixin.qq.com/s/rI6VGSiQ0SbGWUjQpQ-qfw

File Snapshot


 [4.0K]  /data/pocs/2d26a45dc73f5226a187396fa28cda9bfa6f46ad
├── [ 96K]  1560144446677.jpg
├── [128K]  1560144585337.jpg
├── [286K]  1560144774408.jpg
├── [ 848]  README.md
└── [387K]  weblogic-2019-2725.py

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!