Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-2618 PoC — Oracle Fusion Middleware WebLogic Server 访问控制错误漏洞

Source
https://github.com/wsfengfan/CVE-2019-2618-
Associated Vulnerability
Title:Oracle Fusion Middleware WebLogic Server 访问控制错误漏洞 (CVE-2019-2618)
Description:Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N).
Description
CVE-2019-2618-自己编写
Readme
# CVE-2019-2618-漏洞检测工具
根据提示依次输入服务器 url 用户名 密码
>例如:python3 CVE-2019-2618_test.py http://127.0.0.1 root root123

代码会返回response的主体内容,可以根据主体内容提供的url,查看是否上传成功.

程序内上传的文件名称为 "test.jsp".

正常上传成功,test.jsp显示为 "CVE-2019-2618_test_succeed".
File Snapshot

 [4.0K]  /data/pocs/b14aceadc7df943d35c73cfa61e1e3f9f47fc2c8
├── [1.2K]  CVE-2019-2618_test.py
├── [253K]  ldpasswd.txt
├── [1.0K]  LICENSE
└── [ 384]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →