
CVE-2019-2725

Published: 26/04/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 818
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Oracle WebLogic Server could allow a remote malicious user to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Vendor Advisories

Oracle Security Alert Advisory - CVE-2019-2725 Description: This Security Alert addresses CVE-2019-2725, a deserialization vulnerability in Oracle WebLogic Server. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be e ...

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Powershell
  def initialize(info={})
    super(update_info(info, ...

#!/usr/bin/python
# Exploit Title: Oracle Weblogic Exploit CVE-2019-2725
# Date: 30/04/2019
# Exploit Author: Avinash Kumar Thapa
# Vendor Homepage: www.oracle.com/middleware/technologies/weblogic.html
# Software Link: www.oracle.com/technetwork/middleware/downloads/index.html
# Version: Oracle WebLogic Server, versions 10.3.6.0.0, ...

Mailing Lists

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host ...

Metasploit Modules

Oracle Weblogic Server Deserialization RCE - AsyncResponseService

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host.

msf > use exploit/multi/misc/weblogic_deserialize_asyncresponseservice
msf exploit(weblogic_deserialize_asyncresponseservice) > show targets
    ...targets...
msf exploit(weblogic_deserialize_asyncresponseservice) > set TARGET <target-id>
msf exploit(weblogic_deserialize_asyncresponseservice) > show options
    ...show and set options...
msf exploit(weblogic_deserialize_asyncresponseservice) > exploit

Github Repositories

One-click launch of security testing tools with Docker

HackerWithDocker One-click launch of security testing tools with Docker ShiroScan docker run -itd -p 8080:8080 redteamwing/shiroscan Pnode docker pull redteamwing/pnode OneForAll docker pull redteamwing/oneforall cve-2019-2725 docker pull redteamwing/cve-2019-2725

CVE-2019-2725-POC

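CVE-2019-2725-POC CVE-2019-2725-POC Change the webshell address in the txt file to your own webshell address, then use burpsuite to send a POST request to the target server, with the contents of the txt file as the request body.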

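CVE-2019-2725 command echo

CVE-2019-2725 CVE-2019-2725 (CNVD-C-2019-48814, WebLogic wls9-async) command echo 10.3.6 12.1.3 ResultBaseExec.java is used to test defineClass; it restores the malicious class from base64 and executes code, mainly for convenience (optional). JDK7u21.java generates the XML in weblogic-2019-2725_1213命令执行txt; please compile it with jdk6. CVE-2019-2725.py checks whether the command will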

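Personal security tool development practice; vulnerability detection tools, in any language, mainly GUI tools

SECTOOLS 1. Personal security tool development practice, in any language 2. Mainly GUI tools -QAQ- 1. weblogic cve-2019-2725 vulnerability detection 2. s2_045 testing 3. zoomeye queries, without consuming API quota ## 4. One-click subdomain lookup, subdomain 5. Batch detection of source code leaks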

cve-2019-2725 References: Tenable - www.tenable.com/blog/oracle-weblogic-affected-by-unauthenticated-remote-code-execution-vulnerability-cve-2019-2725 Exploit Database - www.exploit-db.com/exploits/46780 PaloAlto - unit42.paloaltonetworks.com/muhstik-botnet-exploits-the-latest-weblogic-vulnerability-for-cryptomining-and-ddos-attacks/ SISSDEN - si

CNTA-2019-0014-CVE-2019-2725 Disclaimer: this tool is for security testing and learning purposes only; illegal use is prohibited. Usage: python3 weblogic_rce.py [url] [command] [is echo?] [win or linux] For a detailed analysis see: icematchawin/?p=1174

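WebLogic CVE-2019-2725 exploit.

weblogic_2019_2725_wls_batch WebLogic CVE-2019-2725 exploit targeting the vulnerability in the wls-wsat component; it uses three exploits for batch detection. I didn't think much about it when I wrote it, the goal was just to verify that the vulnerability exists, so all the script does is output the result of the whoami command for machines where the vulnerability exists. Usage: python3 weblogic_batch_V10.py (put the targets into target.txt, one per line.) Example: single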

WebLogic bypass and WLS remote execution

CVE-2019-2725 from secquanorg first launch

CVE-2019-2725

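CVE-2019-2725 command echo + webshell upload + latest bypass

CVE-2019-2725 weblogic command echo + webshell upload. Disclaimer: this tool is for security testing and learning purposes only; illegal use is prohibited. weblogic command echo + webshell upload. Script overview: this script was tested against weblogic versions 10.3.6 and 12.1.3 and is written in python3. For 10.3.6 it uses the jdk7u21 payload; for 12.1.3 it uses second-stage deserialization via the org.slf4j.ext.EventData class. Third-party libraries the py script depends on: req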

CVE-2019-2725 bypass pocscan and exp

CVE-2019-2725 bypass tips coded in python3; payload here, that payload only works in jdk6. exp usage: exp.py 127.0.0.1:8080 whoami. poc: after editing ip.txt, the program will check the IPs in ip.txt, testing whether the vulnerability exists or not:

(CVE-2019-2725) Oracle WLS(Weblogic) RCE test script

Oracle-WLS-Weblogic-RCE (CVE-2019-2725) Oracle WLS(Weblogic) RCE test script

WebLogic wls9-async deserialization remote command execution vulnerability

CNVD-C-2019-48814 WebLogic wls9-async deserialization remote command execution vulnerability, echo PoC for weblogic. Patch update: www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html Vulnerability reproduction: 101020166:7001/_async/AsyncResponseService curl -i 101020166:7001/_async/favicon.ico CNVD-C-2019-48814 Video python CNVD-C-2019-48814.py -u

Weblogic CVE-2019-2725 CVE-2019-2729 Getshell command execution

weblogic CVE-2019-2725 CVE-2019-2729 POC, executes a command and echoes the output. usage: single target: python3 weblogic_get_webshell.py url; batch targets, put the URLs into url_list.txt: python3 weblogic_get_webshell.py all

A utility to test Oracle WebLogic issues

weblogic_test A utility to test Oracle WebLogic issues including CVE-2017-10217, CVE-2019-2725, and CVE-2019-2725 (bypass). Todo: Add CVE-2018-2628. usage: wlg_test.py 127.0.0.1:7001

CNVD-C-2019-48814 poc work on linux and windows

CNVD-C-2019-48814 works on Linux and Windows (CVE-2019-2725) WebLogic wls9-async deserialization remote command execution vulnerability. Notes: It doesn't work when weblogic is patched for cve-2017-10271. 10.3.6.0 12.1.3.0 Modified from jas502n's script. Usage: python async_command_favicon_all.py 127.0.0.1:7001 Vulnerability reproduction: 1 Windows Server 2012 servers/AdminServer/tmp/_

WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit

CVE-2019-2725 WebLogic Universal Exploit - CVE-2017-3506 / CVE-2017-10271 / CVE-2019-2725 / CVE-2019-2729 payload builder & exploit Info / Help $ python3 weblogic_exploit.py -h ======================================================================== | WebLogic Universal Exploit | | CVE-2017-3506 / CVE-2017-10271 / CVE-2019-2

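2018-2020 young security community: active technical bloggers/blogs

Security-Data-Analysis-and-Visualization 2018-2020 young security community: active technical bloggers/blogs. Statement: All data comes from, and only from, public information, with no personal prior knowledge added; if you have any concerns, please contact root@4o4notfound.org promptly. This data is published so that everyone can learn faster and better together; please do not abuse it, and I accept no responsibility for any problems arising from it. Regarding this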

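Produced by Leishi Security Lab (雷石安全实验室). V2.0: added batch vulnerability detection, removed the login password box. V1.0: weblogic administrator console path disclosure vulnerability; weak passwords: WebLogic, weblogic, Oracle@123, password, system, Administrator, admin; CVE-2014-4210 Weblogic SSRF vulnerability: affected versions: 10.0.2, 10.3.6 127.0.0.1:7001/uddiexplorer/SearchPublicRegistries.jsp CVE-2017-3506&CVE-201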

Source Code Obfuscation And Binary Obfuscation, Multiple Languages And Multiple Platforms. Including 250+ Tools and 600+ Posts

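All collection projects. Obfuscate: source code obfuscation and binary obfuscation, covering multiple languages and multiple platforms. 250+ tools and 600+ posts. English Version. Contents: C/C++ advobfuscator -> (1) tools (1) posts (5) tools dotNet de4dot -> (2) tools (2) posts obfuscar -> (1) tools confuserex -> (3) tools (6) posts (7) tools (10) posts PowerShell invoke-ob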

https://github.com/qazbnm456/awesome-web-security

Awesome Web Security: Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. To combat this, here is a curated list of We

WeblogicScan Forked from github.com/dr0op/WeblogicScan Install pip3 install -r requirements.txt Usage Usage : python3 WeblogicScan.py -u [URL] python3 WeblogicScan.py -f [FILENAME] python3 WeblogicScan.py -n [CVE] python3 WeblogicScan.py -n [CVE] -e [CMD] Example : python3 WeblogicScan.py -u 127.0.0.1:7001/ python3 WeblogicScan.py -f targets.txt python3 W

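WeblogicScanLot series, batch Weblogic vulnerability detection tool, V2.2

Project no longer maintained; the batch scanning feature has been merged into github.com/rabbitmask/WeblogicScan. Author: Tide_RabbitMask. Disclaimer: Pia!(o ‵-′)ノ”(ノ﹏<。) This tool is for security testing only; please do not use it illegally, be good~ V2.2 overview: provides batch weblogic detection and covers almost all historical weblogic vulnerabilities. [Haven't encountered weblogi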

A curated list of Web Security materials and resources.

Awesome Web Security: Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. To combat this, here is a curated list of We

weblogic vulnerability test scripts

weblogic_http.py--CVE-2014-4210,CVE-2017-3506,CVE-2017-10271,CVE-2019-2725 weblogic_t3.py--CVE-2016-0638,CVE-2016-3510,CVE-2017-3248,CVE-2018-2628,CVE-2018-2893

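Batch Weblogic vulnerability detection tool | a modification of the original based on my own needs

WeblogicScan: one-click batch Weblogic vulnerability detection tool, V1.0. Author: Bywalks. Disclaimer: Pia!(o ‵-′)ノ”(ノ﹏<。) This tool is for security testing only; please do not use it for illegal purposes, otherwise you bear all the consequences~ This version is a modification of rabbitmask's WeblogicScan tool, with some optimizations based on my needs. V1.0 usage: needs to check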

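Enhanced WeblogicScan: more accurate detection results, plugin-based, adds CVE-2019-2618 and CVE-2019-2729 detection, Python3 support

WeblogicScan: enhanced WeblogicScan, modified from rabbitmask's WeblogicScan V1.2. Original project before modification: github.com/rabbitmask/WeblogicScan DEFF: Python3 support; fixes false positives so detection results are more accurate; adds CVE-2019-2729 and CVE-2019-2618 detection; plugin-based vulnerability scanning components; adds colored output. INSTALL pip3 install -r requirements.txt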

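One-click Weblogic vulnerability detection tool, V1.5, updated: 20200730

WeblogicScan: one-click Weblogic vulnerability detection tool, V1.5. Author: Tide_RabbitMask. Disclaimer: Pia!(o ‵-′)ノ”(ノ﹏<。) This tool is for security testing only; please do not use it illegally, be good~ V1.5 features: provides one-click PoC detection and covers almost all historical weblogic vulnerabilities. Details: #Console path disclosure Console #SSR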

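PenetrationTesting English Version. Github's Readme display is limited to 4000 lines, while this repo contains nearly ten thousand lines of tools and posts, so by default it is not shown in full. The current page is a reduced version: tools with fewer than 200 stars and no update within 500 days are not shown in this document. Click here for the full version: Chinese full version. Contents: Tools, Newly added (854), Newly added, Uncategorized, Artificial intelligence&&a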

Pentest-Tools General usefull Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner C

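weblogic vulnerability scanning tool. Currently covers CVE-2014-4210, CVE-2016-0638, CVE-2016-3510, CVE-2017-3248, CVE-2017-3506, CVE-2017-10271, CVE-2018-2628, CVE-2018-2893, CVE-2018-2894, CVE-2018-3191, CVE-2018-3245, CVE-2018-3252, CVE-2019-2618, CVE-2019-2725, CVE-2019-2729, CVE-2019-2890, CVE-2020-2551

Original tool: github.com/rabbitmask/WeblogicScan weblogicScaner Simplified Chinese | English. A weblogic vulnerability scanning tool, current as of 7 March 2020. If there are unrecorded vulnerabilities with a public POC, you are welcome to submit an issue. The original author had already collected a fairly complete set; here some bugs were fixed, such as some script POCs not working and configuration errors. Earlier I looked into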

Useful Pentest tool links

Pentest-Tools Red-Team-Essentialss General usefull Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vu

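pocsuite3 verification PoC code for vulnerability triage

some_pocsuite: pocsuite3 verification PoC code for vulnerability triage and verification inside an enterprise (pocsuite3 is the open-source vulnerability testing framework from the Knownsec security team). Because the original Pocsuite is no longer updated, all the original PoC code has been rewritten and migrated to pocsuite3; the original PoCs are backed up in PocsuiteV2. Writing plugin code: uses the pocsuite3 vulnerability testing framework; for writing plugins please refer to pocs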

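Scrape historical vulnerability information for Weblogic and other Oracle components

A scraper for historical Oracle vulnerabilities. By specifying keywords, it automatically retrieves and tallies historical vulnerabilities for WebLogic, Database, Management Center, Testing Suite and others. Preparation: go build. Run: retrieve all historical WebLogic vulnerabilities and print them to the screen: ./main --filter WebLogic; retrieve all historical WebLogic vulnerabilities and write them to weblogic.md: ./main --filter WebLogic --output weblogic.md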

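Red team operations execution handbook

Red team practical handbook. Statement. Author : By klion Date : 2020215 Message: May every remaining day of 2020 be safe and well. Why share: first, to give both the "attack" and "defense" sides a more comprehensive and practical reference. As the old saying goes, "if you don't know the attack, how can you know the defense"; anyone who talks purely about "attack" or purely about "defense" is just fooling around; combining offense and defense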

Vulmap is a vulnerability scanning tool that can scan Web containers, Web servers, Web middleware, CMS and other Web programs for vulnerabilities, and also has vulnerability exploitation functions. Testers can use vulmap to detect whether a target has a specific vulnerability, and can use the exploitation function to verify whether the vulnerability really exists.

Vulmap - Vulnerability scanning and verification tools. Chinese Version, Russian Version. Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulmap to detect whether the target ha

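Information gathering; host information gathering; sensitive directory and file collection; directory brute-forcing; wordlists; BurpSuite; search engine syntax; Google Hack; DuckDuckgo (can search sites such as Weibo and Renren that block mainstream search engines); Bing; backend or API information leaked in js files; quick search of third-party resources; findjs; robots.txt; accessible directories (autoindex); IIS short file names; IIS-ShortName-Scanner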

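Project overview: information gathering, attack attempts to gain access, persistent control, privilege escalation, network information gathering, lateral movement, data analysis (with further persistence on that basis), and trace removal. Security resource list: arxiv.org, Cornell University open documents; github.com/sindresorhus/awesome, the awesome series; www.owasp.org.cn/owasp-pr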

hacking tools awesome lists

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx OCaml Objective-C Objective-C++ Others PHP PLSQL P

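Penetration_Testing_POC A collection of PoCs, scripts, tools, articles and other techniques used in penetration testing, shared as notes; additions welcome. Penetration_Testing_POC Please make good use of search [Ctrl+F]. IOT Device&Mobile Phone, Web APP, privilege escalation helpers, PC, tools (collection of small tools), articles/books/tutorials, notes. Please make good use of search [Ctrl+F]. IOT Device&Mobile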

A collection of the good tools I come across

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP ActionScript Arduino Assembly AutoHotkey Batchfile BitBake Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang F# Game Maker Language Go HCL HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx Nim OCaml Objective-C Objecti

The cheat sheet about Java Deserialization vulnerabilities

Java-Deserialization-Cheat-Sheet: A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries. Please, use #javadeser hash tag for tweets. Table of content: Java Native Serialization (binary), Overview, Main talks & presentations & docs, Payload generators, Exploits, Detect, Vulnerable apps (without

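For public collection purposes

Penetration_Testing_POC A collection of PoCs, scripts, tools, articles and other techniques used in penetration testing, shared as notes; additions welcome. Penetration_Testing_POC Please make good use of search [Ctrl+F]. IOT Device&Mobile Phone, Web APP, privilege escalation helpers, PC, tools (collection of small tools), articles/books/tutorials, notes. Please make good use of search [Ctrl+F]. IOT Device&Mobile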

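PoCs, exploits, scripts, privilege escalation and small tools related to penetration testing; additions and improvements welcome---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Penetration_Testing_POC A collection of PoCs, scripts, tools, articles and other techniques used in penetration testing, shared as notes; additions welcome. Penetration_Testing_POC Please make good use of search [Ctrl+F]. IOT Device&Mobile Phone, Web APP, privilege escalation helpers, PC, tools (collection of small tools), articles/books/tutorials, notes. Please make good use of search [Ctrl+F]. IOT Device&Mobile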

Compiled dataset of Java deserialization CVEs

Java-Deserialization-CVEs: This is a dataset of CVEs related to Java Deserialization. Since existing CVE databases do not allow for granular searches by vulnerability type and language, this list was compiled by manually searching the NIST NVD CVE database with different queries. If you notice any discrepancies, contributions are very welcome! CVE ID Year CVSS 3/3.1 risk CV

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android ID: A-1286745

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Andr

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal
BleepingComputer • Ax Sharma • 11 Nov 2020

Muhstik botnet, also known as Mushtik, has been targeting cloud infrastructure and IoTs for years.
The botnet mainly funds itself by mining cryptocurrency using open source tools like XMRig and cgminer.
New details have emerged related to this malware that shed light on its nefarious activities and origins.
Muhstik is a botnet that leverages known web application exploits to compromise IoT devices, such as routers, to mine cryptocurrency.
It leverages IRC servers ...

Oracle WebLogic Server RCE Flaw Under Active Attack
Threatpost • Lindsey O'Donnell • 29 Oct 2020

If an organization hasn’t updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: “Assume it has been compromised.”
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The console component of the WebLogic Server has a flaw, CVE-2020-14882, which ranks 9.8 out of 10 on the CVSS scale.  According to Oracle, the attack is “low” in complexity, req...

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack
Threatpost • Lindsey O'Donnell • 04 May 2020

Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. The company said it has received numerous reports that attackers were targeting the vulnerability patched last month.
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The server has a remote code execution flaw, CVE-2020-2883, that can be exploited by unauthenticated attackers to take over unpatched systems...

The Week in Ransomware - April 3rd 2020 - No Sign of Letting Up
BleepingComputer • Lawrence Abrams • 10 Apr 2020

Over the past two weeks, we have seen an increase in warnings from law enforcement agencies stating that healthcare organizations need to be on high alert for attacks by ransomware operators and other attackers who are looking to capitalize on the Coronavirus pandemic.
In addition, we continue to see new variants released from the common ransomware families such as STOP, Dharma, and others.
Finally, the Wall Street Journal broke the news this week that
to REvil to get their co...

IT threat evolution Q3 2019
Securelist • David Emm • 29 Nov 2019

At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this activity in May 2018, right after Israeli security agencies announced that Hamas had installed spyware on the smartphones of Israeli soldiers, and we released a private report on our Threat Intelligence Portal. We believe the mal...

Panda Threat Group Mines for Monero With Updated Payload, Targets
Threatpost • Lindsey O'Donnell • 17 Sep 2019

The Panda threat group, best known for launching the widespread and successful 2018 “MassMiner” cryptomining malware campaign, has continued to use malware to mine cryptocurrency in more recent attacks. A fresh analysis of the group reveals Panda has adopted a newly-updated infrastructure, payloads and targeting.
While considered unsophisticated, researchers warn that the threat group has a wide reach and has attacked organizations in banking, healthcare, transportation and IT services...

Using Oracle WebLogic? Put down your coffee, drop out of Discord, grab this patch right now: Vuln under attack
The Register • Shaun Nichols in San Francisco • 19 Jun 2019

Emergency security fix emitted for remote code exec hole exploited in the wild

Oracle has issued an emergency critical update to address a remote code execution vulnerability in its WebLogic Server component for Fusion Middleware – a flaw miscreants are exploiting in the wild to hijack systems.
The programming blunder, designated CVE-2019-2729, is present in WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability itself is caused by a deserialization bug in the XMLDecoder for WebLogic Server Web Services.
When exploited, a remote at...

Oracle Warns of New Actively-Exploited WebLogic Flaw
Threatpost • Lindsey O'Donnell • 19 Jun 2019

Oracle said that a critical remote code execution flaw in its WebLogic Server is being actively exploited in the wild.
The remote code execution flaw (CVE-2019-2729) impacts a number of versions of Oracle’s WebLogic Server, used for building and deploying enterprise applications. The vulnerability has a CVSS score of 9.8 out of 10. Part of its seriousness is because it is remotely exploitable without authentication.
“Due to the severity of this vulnerability, Oracle strongly reco...

Oracle Fixes Critical Bug in WebLogic Server Web Services
BleepingComputer • Ionut Ilascu • 19 Jun 2019

Oracle on Tuesday announced a patch for a remote code execution vulnerability affecting specific versions of the WebLogic Server. The bug bypasses a previously fixed flaw and researchers say it is actively used in attacks.
The issue is now tracked CVE-2019-2729 and it is deserialization via XMLDecoder in Oracle WebLogic Server Web Services. This is the same as CVE-2019-2725,
, leveraged in past attacks to deliver
 and
. It is also included in the exploit bag of the re...

GandCrab Ransomware Shutters Its Operations
Threatpost • Tara Seals • 03 Jun 2019

The GandCrab ransomware group is shutting down, according to posts on the Dark Web.
Researchers David Montenegro and Damian spotted the announcements over the weekend.

Noting that “all good things come to an end,” GandCrab’s operators in a posting on the exploit[.]in underground market claim the malware has raked in nearly $2 billion since the ransomware launched in January of last year. That encompasses ransomware-as-a-service (RaaS) earnings as well as $150 million for...

Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig
Threatpost • Tara Seals • 06 May 2019

Malicious activity exploiting the recently disclosed Oracle WebLogic critical deserialization vulnerability (CVE-2019-2725) is surging. Even though there’s a patch, tens of thousands of vulnerable machines represent an irresistible target for hackers, according to Unit 42 researchers at Palo Alto Networks – especially since the bug is “trivial” to exploit.
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. Oracle r...

Muhstik Botnet Variant Targets Just-Patched Oracle WebLogic Flaw
Threatpost • Lindsey O'Donnell • 01 May 2019

UPDATE
A variant of the Muhstik botnet has been uncovered in the wild, exploiting a recently-disclosed, dangerous vulnerability in Oracle WebLogic servers.
The newfound samples of Muhstik are targeting the recently-patched CVE-2019-2725 in WebLogic servers, and then launching distributed-denial-of-service (DDoS) and cryptojacking attacks with the aim of making money for the attacker behind the botnet, researchers said.
“From the timeline, we can see that the developer of Muhs...

If you're using Oracle's WebLogic Server, check for security fixes: Bug exploited in the wild to install ransomware
The Register • Iain Thomson in San Francisco • 01 May 2019

Big Red rushes out software patch as ransomware scumbags move in

IT admins overseeing Oracle's WebLogic Server installations need to get patching immediately: miscreants are exploiting what was a zero-day vulnerability in the software to pump ransomware into networks.
The Cisco Talos security team said one of its customers discovered it had been infected via the bug on April 25, though the exploit is believed to have been kicking around the web since April 17. The programming blunder at the heart of the matter is a deserialization vulnerability that can be...

New ‘Sodinokibi’ Ransomware Exploits Critical Oracle WebLogic Flaw
Threatpost • Lindsey O'Donnell • 30 Apr 2019

A recently-disclosed critical vulnerability in Oracle WebLogic is being actively exploited in a slew of attacks, which are distributing a never-before-seen ransomware variant.
The recently-patched flaw exists in Oracle’s WebLogic server, used for building and deploying enterprise applications. The deserialization vulnerability (CVE-2019-2725) is being exploited to spread what researchers with Cisco Talos in a Tuesday analysis dubbed the “Sodinokibi” ransomware.
“This is th...

Sodinokibi Ransomware Being Installed on Exploited WebLogic Servers
BleepingComputer • Lawrence Abrams • 30 Apr 2019

Attackers are exploiting a recently disclosed WebLogic vulnerability to install a new ransomware called Sodinokibi. As this vulnerability is trivial to exploit, it is important that server admins install the patch immediately in order to prevent infections or unauthorized access.
Earlier this month, a deserialization vulnerability (CVE-2019-2725) was discovered in Oracle WebLogic Server that allows attackers to gain full access to the server in order to install malware or use it as a l...

Ransomware's big jump: ransoms grew 14 times in one year
BleepingComputer • Ionut Ilascu • 01 Jan 1970

Ransomware has become one of the most insidious threats in the past couple of years, with actors scaling up their operations to the point that the average ransom demand increased more than 10 times in one year.
There are well over a dozen operators in the ransomware-as-a-service (RaaS) game, each with a host of affiliates that focus on enterprise targets across the world.
Since the infamous GandCrab group
in mid-2019, the ransomware landscape changed drastically. The RaaS mod...

The Register

In brief NordVPN has hit the go-live button for the first of its colocated server setups.
The move means the VPN provider can take tighter control over the service as it now only rents space for its own custom servers, rather than renting a server in a data centre. The difference being that NordVPN gets to control all the hardware and settings.
This dates back to October 2019, when NordVPN was embarrassed by hackers who managed to get into a rented server that was being used to host ...