Oracle WebLogic Server could allow a remote malicious user to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Weblogic Server | 10.3.6.0.0, 12.1.3.0.0 |
POC-EXP 本脚本针对CVE-2019-2725weblogic 反序列化RCE漏洞,使用前请修改VPS监听地址,并在运行时提交特定的URL即可完成测试 测试地址为:192168209134:49163/_async/AsyncResponseService 修改payload参数中的监听地址和端口后: #python CVE-2019-2725py 运行后输入ip:端口号/_async/AsyncResponseService
CVE-2019-2725 CVE-2019-2725(CNVD-C-2019-48814、WebLogic wls9-async) 命令回显
CVE-2019-2725 weblogic命令回显+webshell上传 免责声明:本工具仅供安全测试学习用途,禁止非法使用 weblogic命令回显+webshell上传 脚本简介: 本脚本是基于weblogic 1036和1213版本进行测试,并用python3编写。 1036使用的jdk7u21的payload 1213使用的orgslf4jextEventData类二次反序列化 py依赖的第三方库 req
cve-2019-2725
cve2019-2725_RCE - Weblogic _async remote command execution exploit cve2019_2725、CNVD-C-2019-48814 weblogic _async反序列话远程代码执行漏洞 Weblogic _async远程命令执行回显版exp,不需要安装任何库,通杀Windows&Linux。 Linux Payload用的Jason的,Windows Payload是修改的10271,javalangRuntime执行。同样使用写临时文件方
CVE-2019-2725_check CNVD-C-2019-48814_CVE-2019-2725_check、CVE-2019-2725_POC
CNTA-2019-0014-CVE-2019-2725 Usage:python3 weblogic_rcepy [url] [command] [is echo?] [win or linux] 具体分析请转:icematchawin/?p=1174
cve-2019-2725 References: Tenable - wwwtenablecom/blog/oracle-weblogic-affected-by-unauthenticated-remote-code-execution-vulnerability-cve-2019-2725 Exploit Database - wwwexploit-dbcom/exploits/46780 PaloAlto - unit42paloaltonetworkscom/muhstik-botnet-exploits-the-latest-weblogic-vulnerability-for-cryptomining-and-ddos-attacks/ SISSDEN - si
CVE-2019-2725 from secquanorg first launch
CVE-2019-2725
CVE-2019-2725 CVE-2019-2725 weblogic 回显版本 POC 以及exp exp支持单个命令回显 poc支持批量认证 payload 采用 githubcom/jiansiting/CVE-2019-2725 经测试成功与否与jdk有关 有些可能有漏洞却无法利用
python3运行 1检测目标放在iptxt文件下,格式:192168118:7001 2直接运行脚本,存在漏洞的结果保存在oktxt文件中
CVE-2019-2725 weblogic命令回显+webshell上传
weblogic_test to test weblogic cve-2017-10217, cve-2019-2725 and cve-2019-2715(bypass)
sectools 1个人安全工具开发学习,语言不限 2主要为图形化工具 -QAQ- 1源代码泄漏批量检测 2s2_045测试 3zoomeye查询,不消耗api ## 4一键子域名查询,subdomain 5weblogic cve-2019-2725漏洞检测
CNVD-C-2019-48814和CNNVD-201904-961 感谢t00ls-ximcx0101提供脚本 CNVD-C-2019-48814 POC Summary 相关链接如下: 清水川崎大佬的简书: wwwjianshucom/p/c4982a845f55 安全祖师爷转发: dwzcn/2GQvbUae 由于环境的一些因素路径会存在变化: 默认上传路径为: servers/AdminServer/tmp/_WL_internal/bea_wls9_async_response/8tpkys/war
Th1s 1s a rep0 ab0ut h3cking scr1pts shodan 调用shodan api 统计设备数量,如weblogic shodancountpy weblogic 调用shodan api 搜索设备,如weblogic shodansearchpy weblogic SMBLoris 通过smb服务对Windows服务器实施DOS攻击 chmod +x run10sh sh run10sh httpscan 一个http简易扫描脚本 如要扫描19216800/24 httpscanpy 19216800/24 dump_ssh_passwor
CNVD-C-2019-48814和CNNVD-201904-961 感谢t00ls-ximcx0101提供脚本 CNVD-C-2019-48814 POC Summary 相关链接如下: 清水川崎大佬的简书: wwwjianshucom/p/c4982a845f55 安全祖师爷转发: dwzcn/2GQvbUae 由于环境的一些因素路径会存在变化: 默认上传路径为: servers/AdminServer/tmp/_WL_internal/bea_wls9_async_response/8tpkys/war
CNVD-C-2019-48814 work on linux and windows(CVE-2019-2725) WebLogic wls9-async反序列化远程命令执行漏漏洞 说明 It's does't work when weblogic patched for cve-2017-10271 10360 12130 基于jas502n的脚本修改而成 使用 python async_command_favicon_allpy 127001:7001 漏洞复现 1 Windows Server 2012 servers/AdminServer/tmp/_
Weblogic漏洞测试脚本 使用python3编写 为了测试方便自己写的一些测试脚本还没有写完,有空在改。 asyncBypasspy是jdk16的CVE-2019-2729批量检测脚本。 CVE-2019-2618py是漏洞单独检测脚本。 checkpy是集成检测脚本。 check脚本目前支持检测内容如下 uddiSSRF CVE-2017-10271 CVE-2018-2894 CVE-2019-2618 CVE-2019-2725
WeblogicScan Weblogic vulnerability one-click poc detection Software Author: Tide_RabbitMask Thanks to the open source POC from the web I have only carried out the magic transformation and interface unification Disclaimer:Pia!(o ‵-′)ノ”(ノ﹏<。) This tool is for safety testing only,and should not be used for illegal use V 11 Features:
项目简介 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、擦屁股。 安全相关资源列表 arxivorg 康奈尔大学(Cornell University)开放文档 githubcom/sindresorhus/awesome awesome系列 wwwowasporgcn/ow
Emergency security fix emitted for remote code exec hole exploited in the wild
Oracle has issued an emergency critical update to address a remote code execution vulnerability in its WebLogic Server component for Fusion Middleware – a flaw miscreants are exploiting in the wild to hijack systems.
The programming blunder, designated CVE-2019-2729, is present in WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability itself is caused by a deserialization bug in the XMLDecoder for WebLogic Server Web Services.
When exploited, a remote at...
Oracle said that a critical remote code execution flaw in its WebLogic Server is being actively exploited in the wild.
The remote code execution flaw (CVE-2019-2729) impacts a number of versions of Oracle’s WebLogic Server, used for building and deploying enterprise applications. The vulnerability has a CVSS score of 9.8 out of 10. Part of its seriousness is because it is remotely exploitable without authentication.
“Due to the severity of this vulnerability, Oracle strongly reco...
Oracle on Tuesday announced a patch for a remote code execution vulnerability affecting specific versions of the WebLogic Server. The bug bypasses a previously fixed flaw and researchers say it is actively used in attacks.
The issue is now tracked CVE-2019-2729 and it is deserialization via XMLDecoder in Oracle WebLogic Server Web Services. This is the same as CVE-2019-2725, patched in April, leveraged in past attacks to deliver Sodinokibi ransomware and cryptocurrency miners. It is also ...
The GandCrab ransomware group is shutting down, according to posts on the Dark Web.
Researchers David Montenegro and Damian spotted the announcements over the weekend.
Noting that “all good things come to an end,” GandCrab’s operators in a posting on the exploit[.]in underground market claim the malware has raked in nearly $2 billion since the ransomware launched in January of last year. That encompasses ransomware-as-a-service (RaaS) earnings as well as $150 million for...
Malicious activity exploiting the recently disclosed Oracle WebLogic critical deserialization vulnerability (CVE-2019-2725) is surging. Even though there’s a patch, tens of thousands of vulnerable machines represent an irresistible target for hackers, according to Unit 42 researchers at Palo Alto Networks – especially since the bug is “trivial” to exploit.
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. Oracle r...
UPDATE
A variant of the Muhstik botnet has been uncovered in the wild, exploiting a recently-disclosed, dangerous vulnerability in Oracle WebLogic servers.
The newfound samples of Muhstik are targeting the recently-patched CVE-2019-2725 in WebLogic servers, and then launching distributed-denial-of-service (DDoS) and cryptojacking attacks with the aim of making money for the attacker behind the botnet, researchers said.
“From the timeline, we can see that the developer of Muhs...
Big Red rushes out software patch as ransomware scumbags move in
IT admins overseeing Oracle's WebLogic Server installations need to get patching immediately: miscreants are exploiting what was a zero-day vulnerability in the software to pump ransomware into networks.
The Cisco Talos security team said one its customers discovered it had been infected via the bug on April 25, though the exploit is believed to have been kicking around the web since April 17. The programming blunder at the heart of the matter is a deserialization vulnerability that can be...
A recently-disclosed critical vulnerability in Oracle WebLogic is being actively exploited in a slew of attacks, which are distributing a never-before-seen ransomware variant.
The recently-patched flaw exists in Oracle’s WebLogic server, used for building and deploying enterprise applications. The deserialization vulnerability (CVE-2019-2725) is being exploited to spread what researchers with Cisco Talos in a Tuesday analysis dubbed the “Sodinokibi” ransomware.
“This is th...
Attackers are exploiting a recently disclosed WebLogic vulnerability to install a new ransomware called Sodinokibi. As this vulnerability is trivial to exploit, it is important that server admins install the patch immediately in order to prevent infections or unauthorized access.
Earlier this month, a deserialization vulnerability (CVE-2019-2725) was discovered in Oracle WebLogic Server that allows attackers to gain full access to the server in order to install malware or use it as a l...
Vulmon