CVE-2020-14882 PoC — Oracle WebLogic Server Security Vulnerability

Source
Associated Vulnerability
Title: Oracle WebLogic Server Security Vulnerability (CVE-2020-14882)
Description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Description
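CodeTest is an information-gathering and vulnerability-exploitation tool. During a penetration test it makes it convenient to use the relevant information-gathering scripts to obtain and verify information. In the exploitation module you can select the vulnerability modules to test, or select all modules; they include CVE-2020-14882, CVE-2020-2555 and others. You can collect your own scripts and adapt them to the template.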
Readme
<h1 align="center" >Welcome to CodeTest</h1>

### :point_right:About this project

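>Main purpose of this project: to give the Python POC\EXP test scripts collected in day-to-day work a single entry point with a graphical interface, so that they are easy to run.
>
>Intended audience: penetration testers with a basic knowledge of Python (the tool ships with a simple editor; you can change the parameters inside a script and, after reloading, use the script flexibly for testing)
>
>GUI library: Tkinter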

### :bulb:POC\EXP reference links

```
https://github.com/Ascotbe/Medusa
https://github.com/zhzyker/vulmap
```

### :book:Usage

```
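# Download the files
git clone https://github.com/xkx518/CodeTest.git
cd CodeTest
# Install the dependencies
pip3 install -r requirements.txt
# Note: locate the path Python\Python36\Lib\site-packages; it contains a folder
# named crypto. Rename it, changing the lowercase c to an uppercase C.
# Run the tool: double-click CodeTest.pyw, or run
pythonw3 CodeTest.pyw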
```

### :clipboard:Interface overview
[link name](link URL "link title")


### :open_file_folder:Usage examples
[link name](link URL "link title")




File Snapshot

```
[4.0K] /data/pocs/fa4500ad886dd4524ec327ecbd7938d4c7cede65
├── [3.1K] ClassCongregation.py
├── [ 52K] CodeTest.pyw
├── [1.7K] config.py
├── [4.0K] EXP
│   ├── [3.6K] ALL.py
│   ├── [8.1K] ApacheActiveMQ.py
│   ├── [ 35K] ApacheShiro.py
│   ├── [ 12K] ApacheSolr.py
│   ├── [ 41K] ApacheStruts2.py
│   ├── [ 11K] ApacheTomcat.py
│   ├── [3.5K] ApacheUnomi.py
│   ├── [ 11K] Drupal.py
│   ├── [6.2K] Elasticsearch.py
│   ├── [5.6K] Fastjson.py
│   ├── [   0] __init__.py
│   ├── [5.4K] Jenkins.py
│   ├── [ 20K] Nexus.py
│   ├── [651K] OracleWeblogic.py
│   ├── [ 26K] RedHatJBoss.py
│   └── [5.1K] ThinkPHP.py
├── [  72] note.txt
├── [4.0K] POC
│   ├── [3.0K] FOFA.py
│   ├── [9.7K] GithubHunter.py
│   ├── [5.2K] IIS_shortname_Scan.py
│   ├── [  87] info.ini
│   ├── [6.9K] JSFinder.py
│   ├── [ 15K] LinkFinder.py
│   ├── [1.8K] Phone_isalive.py
│   ├── [2.8K] Tongda_cookie_11_4.py
│   ├── [4.2K] Tongda_rce_11_4.py
│   ├── [1.9K] URLSEO.py
│   └── [ 404] 模板.py
├── [1.1K] python.ico
├── [1.0K] README.md
├── [  62] requirements.txt
└── [ 67M] ysoserial.jar

2 directories, 35 files
```