CVE-2019-2725 PoC — Oracle Fusion Middleware WebLogic Server组件访问控制错误漏洞

Source

https://github.com/GGyao/weblogic_2019_2725_wls_batch

Associated Vulnerability

Title:Oracle Fusion Middleware WebLogic Server组件访问控制错误漏洞 (CVE-2019-2725)
Description:Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Description

weblogic CVE-2019-2725利用exp。

Readme

# weblogic_2019_2725_wls_batch

weblogic CVE-2019-2725漏洞Exp，针对wls-wsat组件的漏洞，使用三个exp进行批量检测。当时写的时候没想太多，就是验证漏洞存在就完了，于是脚本的功能就是对漏洞存在的机器输出whoami命令的结果。

## 使用

python3 weblogic_batch_V1.0.py 

（将目标放入target.txt，一行一个。）

## 示例

**单个验证**

![](demo.png)

File Snapshot


 [4.0K]  /data/pocs/7b1a1b1b19af304ec638a69533dde643e4c0476a
├── [182K]  demo2.png
├── [ 14K]  demo.png
├── [ 441]  README.md
├── [  32]  target.txt
└── [426K]  weblogic_batch_V1.0.py

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!