CVE-2019-2725 PoC — Oracle Fusion Middleware WebLogic Server组件访问控制错误漏洞

Source

https://github.com/kerlingcode/CVE-2019-2725

Associated Vulnerability

Title:Oracle Fusion Middleware WebLogic Server组件访问控制错误漏洞 (CVE-2019-2725)
Description:Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Description

CVE-2019-2725 bypass pocscan and exp

Readme

# CVE-2019-2725 bypass

## tips
coded in python3,payload[here](https://github.com/jiansiting/CVE-2019-2725 "here")</br>
that payload only work in jdk6</br>
![](https://github.com/kerlingcode/CVE-2019-2725/blob/master/bug.png)
## exp
usage: usage:exp.py 127.0.0.1:8080 whoami</br>
![](https://github.com/kerlingcode/CVE-2019-2725/blob/master/exp.png)</br>
![](https://github.com/kerlingcode/CVE-2019-2725/blob/master/exp2.png)</br>
## poc
after edit the ip.txt,programe will check the ip in ip.txt,testing if the vulnerability exist or not :
</br>
![](https://github.com/kerlingcode/CVE-2019-2725/blob/master/poc.png)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!