Oracle WebLogic Server could allow a remote malicious user to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Weblogic Server | 10.3.6.0.0, 12.1.3.0.0 |
POC-EXP 本脚本针对CVE-2019-2725weblogic 反序列化RCE漏洞,使用前请修改VPS监听地址,并在运行时提交特定的URL即可完成测试 测试地址为:192168209134:49163/_async/AsyncResponseService 修改payload参数中的监听地址和端口后: #python CVE-2019-2725py 运行后输入ip:端口号/_async/AsyncResponseService
CVE-2019-2725_check CNVD-C-2019-48814_CVE-2019-2725_check、CVE-2019-2725_POC
CVE-2019-2725
cve-2019-2725
cve2019-2725_RCE - Weblogic _async remote command execution exploit cve2019_2725、CNVD-C-2019-48814 weblogic _async反序列话远程代码执行漏洞 Weblogic _async远程命令执行回显版exp,不需要安装任何库,通杀Windows&Linux。 Linux Payload用的Jason的,Windows Payload是修改的10271,javalangRuntime执行。同样使用写临时文件方
python3运行 1检测目标放在iptxt文件下,格式:192168118:7001 2直接运行脚本,存在漏洞的结果保存在oktxt文件中
CNTA-2019-0014-CVE-2019-2725 Usage:python3 weblogic_rcepy [url] [command] [is echo?] [win or linux] 具体分析请转:icematchawin/?p=1174
Th1s 1s a rep0 ab0ut h3cking scr1pts shodan 调用shodan api 统计设备数量,如weblogic shodancountpy weblogic 调用shodan api 搜索设备,如weblogic shodansearchpy weblogic SMBLoris 通过smb服务对Windows服务器实施DOS攻击 chmod +x run10sh sh run10sh httpscan 一个http简易扫描脚本 如要扫描19216800/24 httpscanpy 19216800/24 dump_ssh_passwor
CNVD-C-2019-48814和CNNVD-201904-961 感谢t00ls-ximcx0101提供脚本 CNVD-C-2019-48814 POC Summary 相关链接如下: 清水川崎大佬的简书: wwwjianshucom/p/c4982a845f55 安全祖师爷转发: dwzcn/2GQvbUae 由于环境的一些因素路径会存在变化: 默认上传路径为: servers/AdminServer/tmp/_WL_internal/bea_wls9_async_response/8tpkys/war
CNVD-C-2019-48814 work on linux and windows(CVE-2019-2725) WebLogic wls9-async反序列化远程命令执行漏漏洞 说明 It's does't work when weblogic patched for cve-2017-10271 10360 12130 基于jas502n的脚本修改而成 使用 python async_command_favicon_allpy 127001:7001 漏洞复现 1 Windows Server 2012 servers/AdminServer/tmp/_
CNVD-C-2019-48814和CNNVD-201904-961 感谢t00ls-ximcx0101提供脚本 CNVD-C-2019-48814 POC Summary 相关链接如下: 清水川崎大佬的简书: wwwjianshucom/p/c4982a845f55 安全祖师爷转发: dwzcn/2GQvbUae 由于环境的一些因素路径会存在变化: 默认上传路径为: servers/AdminServer/tmp/_WL_internal/bea_wls9_async_response/8tpkys/war
WeblogicScan Weblogic vulnerability one-click poc detection Software Author: Tide_RabbitMask Thanks to the open source POC from the web I have only carried out the magic transformation and interface unification Disclaimer:Pia!(o ‵-′)ノ”(ノ﹏<。) This tool is for safety testing only,and should not be used for illegal use V 11 Features:
Malicious activity exploiting the recently disclosed Oracle WebLogic critical deserialization vulnerability (CVE-2019-2725) is surging. Even though there’s a patch, tens of thousands of vulnerable machines represent an irresistible target for hackers, according to Unit 42 researchers at Palo Alto Networks – especially since the bug is “trivial” to exploit.
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. Oracle r...
UPDATE
A variant of the Muhstik botnet has been uncovered in the wild, exploiting a recently-disclosed, dangerous vulnerability in Oracle WebLogic servers.
The newfound samples of Muhstik are targeting the recently-patched CVE-2019-2725 in WebLogic servers, and then launching distributed-denial-of-service (DDoS) and cryptojacking attacks with the aim of making money for the attacker behind the botnet, researchers said.
“From the timeline, we can see that the developer of Muhs...
Big Red rushes out software patch as ransomware scumbags move in
IT admins overseeing Oracle's WebLogic Server installations need to get patching immediately: miscreants are exploiting what was a zero-day vulnerability in the software to pump ransomware into networks.
The Cisco Talos security team said one its customers discovered it had been infected via the bug on April 25, though the exploit is believed to have been kicking around the web since April 17. The programming blunder at the heart of the matter is a deserialization vulnerability that can be...
A recently-disclosed critical vulnerability in Oracle WebLogic is being actively exploited in a slew of attacks, which are distributing a never-before-seen ransomware variant.
The recently-patched flaw exists in Oracle’s WebLogic server, used for building and deploying enterprise applications. The deserialization vulnerability (CVE-2019-2725) is being exploited to spread what researchers with Cisco Talos in a Tuesday analysis dubbed the “Sodinokibi” ransomware.
“This is th...
Vulmon