Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-14882 PoC — Oracle WebLogic Server 安全漏洞

Source
https://github.com/AleksaZatezalo/CVE-2020-14882-HoaxShell
Associated Vulnerability
Title:Oracle WebLogic Server 安全漏洞 (CVE-2020-14882)
Description:Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Readme
# CVE-2020-14882 HoaxShell
This Python script is designed to exploit a Remote Code Execution vulnerability in Oracle WebLogic Server (CVE-2020-14882) to execute commands on a vulnerable target server and capture their output through HTTP requests. It first prompts for a target WebLogic URL and network interface, then enters a loop where the user can input commands. For each command, it automatically allocates an available port and creates a temporary HTTP listener on that port. The script formats the command to be executed on the target WebLogic system, wrapping it in a PowerShell command that will send its output back to the listener via an HTTP POST request. A separate thread handles the listening for the HTTP response while the main thread sends the exploit to the target through WebLogic's console portal. Once the response is received, the listener thread prints the full HTTP request (including headers and body) to standard output and signals completion. Finally, the port is closed, and the user can enter another command or exit the program.
File Snapshot

 [4.0K]  /data/pocs/9a01a341289224acc91a7cd04e7ddd03dee66b41
├── [4.8K]  cve_2020_14882.py
└── [1.0K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →