CVE-2017-10271 PoC: Oracle Fusion Middleware Oracle WebLogic Server Component Security Vulnerability

Source
Associated Vulnerability
Title: Oracle Fusion Middleware Oracle WebLogic Server Component Security Vulnerability (CVE-2017-10271)
Description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Description
cve-2017-10271 POC
Readme
# CVE-2017-10271 POC

## Introduction

This is an automated test PoC for CVE-2017-10271. It has been tested on CentOS 7 and Windows 7/10.

## Building

This project is written in Rust. Install the Rust toolchain from https://www.rust-lang.org/ first, then build the project with the following command.

```bash
$ cargo build --release
```

The binary is then available at `target/release/cve-2017-10271-poc`.

## Usage

### Show help message

Run the binary without arguments to print the help message:

```bash
$ cve-2017-10271-poc
```

### Test one site

Suppose you have a site `http://www.test.com/` that is vulnerable to CVE-2017-10271 at `http://www.test.com/wls-wsat/CoordinatorPortType` or `http://www.test.com/wls-wsat/CoordinatorPortType11`.

To test such a site, execute:

```bash
$ cve-2017-10271-poc http://www.test.com
```
If the site is vulnerable, the PoC tells you which URL is vulnerable. Otherwise it reports 'Not Vulnerable'.
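
A defender-side companion to the endpoints named above, added here as an example (not part of the PoC project's code): it scans web access logs for requests to the two `wls-wsat` paths and lists clients that requested both, which is consistent with a check of both URLs as this README describes. It assumes combined log format; the function names and the sample log lines are constructed for illustration.

```rust
use std::collections::BTreeMap;

// The two endpoint paths named in the README.
const WSAT_PATHS: [&str; 2] =
    ["/wls-wsat/CoordinatorPortType", "/wls-wsat/CoordinatorPortType11"];

// Constructed sample log lines (documentation IP ranges), not real traffic.
const SAMPLE: &str = r#"198.51.100.7 - - [10/Jan/2018:10:00:01 +0000] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 1203
198.51.100.7 - - [10/Jan/2018:10:00:02 +0000] "POST /wls-wsat/CoordinatorPortType11 HTTP/1.1" 500 1203
203.0.113.9 - - [10/Jan/2018:10:05:00 +0000] "GET /wls-wsat/CoordinatorPortType?wsdl HTTP/1.1" 200 5120
192.0.2.4 - - [10/Jan/2018:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 812"#;

/// Extract (client, method, path) from one combined-log-format line.
fn parse_line(line: &str) -> Option<(&str, &str, &str)> {
    let client = line.split_whitespace().next()?;
    let request = line.split('"').nth(1)?; // e.g. `POST /path HTTP/1.1`
    let mut parts = request.split_whitespace();
    let method = parts.next()?;
    let target = parts.next()?;
    // Drop query string and fragment so suffixes such as `?wsdl` still match.
    let path = target.split(|c: char| c == '?' || c == '#').next()?;
    Some((client, method, path))
}

/// Map each client to a bitmask of the wls-wsat endpoints it requested
/// (bit 0 = CoordinatorPortType, bit 1 = CoordinatorPortType11).
fn wsat_hits(log: &str) -> BTreeMap<String, u8> {
    let mut hits = BTreeMap::new();
    for line in log.lines() {
        if let Some((client, _method, path)) = parse_line(line) {
            let path = path.trim_end_matches('/');
            if let Some(i) = WSAT_PATHS.iter().position(|p| p.eq_ignore_ascii_case(path)) {
                *hits.entry(client.to_string()).or_insert(0u8) |= 1 << i;
            }
        }
    }
    hits
}

/// Clients that requested both endpoints.
fn probed_both(log: &str) -> Vec<String> {
    wsat_hits(log).into_iter().filter(|(_, m)| *m == 0b11).map(|(c, _)| c).collect()
}

fn main() {
    for (client, mask) in wsat_hits(SAMPLE) {
        println!("{} requested wls-wsat endpoints (mask {:02b})", client, mask);
    }
    println!("requested both: {:?}", probed_both(SAMPLE));
}
```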

### Test many sites

To test many sites, append each additional site as a further argument. For example, the following command tests three sites.

```bash
$ cve-2017-10271-poc http://www.test.com http://www.test.org http://www.test.net
```
## Donate to the developer

If you are willing to help the developer, please donate Bitcoin Cash to the address `BITCOINCASH:QPZNZ089TQKAVWF6XM6SD8KPGM59FF5H6CKV0585EP`.

Pull requests are also welcome.


# CVE-2017-10271 POC

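## Introduction

This is an automated testing tool for the CVE-2017-10271 vulnerability. It has been confirmed to run on CentOS 7 and Windows 7 / 10.

## Building

This program is implemented in Rust. First install the Rust build environment from https://www.rust-lang.org/, then enter the source directory and run the following command to obtain the binary at `target/release/cve-2017-10271-poc`.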

```bash
$ cargo build --release
```

## Usage

### Show help message

Run the command without arguments to view the help message, as follows:

```bash
$ cve-2017-10271-poc
```

### Test one site

Suppose there is a site `http://www.test.com/` that has the CVE-2017-10271 vulnerability at `http://www.test.com/wls-wsat/CoordinatorPortType` or `http://www.test.com/wls-wsat/CoordinatorPortType11`. You can test this site by running the following command.

```bash
$ cve-2017-10271-poc http://www.test.com
```
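If the site is vulnerable, the program reports `Vulnerable`; otherwise it reports `Not Vulnerable`.

### Test many sites at once

To test many sites at once, append the different sites as additional arguments. For example, the following command tests 3 sites at once.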

```bash
$ cve-2017-10271-poc http://www.test.com http://www.test.org http://www.test.net
```

## Donate to the developer

If you are willing, you are welcome to donate Bitcoin Cash to the developer at the address `BITCOINCASH:QPZNZ089TQKAVWF6XM6SD8KPGM59FF5H6CKV0585EP`.

Pull requests are also welcome.
File Snapshot

```
[4.0K] /data/pocs/70ce38dfd7a7fa492c348a0de2df89d0687ecedb
├── [ 39K] Cargo.lock
├── [ 210] Cargo.toml
├── [ 34K] LICENSE
├── [2.8K] README.md
├── [ 185] rustfmt.toml
└── [4.0K] src
    ├── [6.8K] constant.rs
    ├── [1.9K] main.rs
    ├── [2.6K] term.rs
    └── [1.4K] vulnerable.rs

1 directory, 9 files
```