Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-4852 PoC — Oracle WebLogic Server WLS Security组件安全漏洞

Source
https://github.com/roo7break/serialator
Associated Vulnerability
Title:Oracle WebLogic Server WLS Security组件安全漏洞 (CVE-2015-4852)
Description:The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
Description
Python script to exploit CVE-2015-4852.
Readme
# serialator
Python script to exploit CVE-2015-4852.

## Description
During a recent engagement, I found that Nessus was now actively exploiting vulnerabilities for confirmation. When I checked the associated nasl script I found that the payload was generic enough to be used on a standalone script. Hence, I collected the payloads from all the nasl scripts that were part of the same RCE vulnerability (but for separate applications) and wrapped them with Python magic.
Next time you see a vulnreable application, use this script.

## Changelog:
* Update 29/02/2016
** Initial commit. Ready for testing.

## Author
Nikhil Sreekumar (@roo7break)

## Target applications
* Websphere
* JBoss
* OpenNMS
* Symantec Endpoint Protection Manager

## Included scripts
* serialator.py - Main exploit script
* ICMPListener.py - To setup a ICMP listener using scapy. Used alongside serialator.py for testing if target is vulnerable or not.

## Code details
* Python3
No additional packages required

## What next
* Incorporate ysoserial.jar or its payload generation 
* Threaded exploiter - Weapon of mass exploitation :D
* Automated testing
File Snapshot

 [4.0K]  /data/pocs/77bc3e895f43217b9865730b4dd6d0d5345680e0
├── [1.7K]  ICMPListener.py
├── [1.1K]  README.md
└── [ 34K]  serialator.py

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →