what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Aaron Soto

Oracle Weblogic Server Deserialization RMI UnicastRef Remote Code Execution

Posted Apr 2, 2019

Authored by Jacob Baines, Aaron Soto, Andres Rodriguez | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (sun.rmi.server.UnicastRef) to the interface to execute code on vulnerable hosts.

tags | exploit

advisories | CVE-2017-3248

SHA-256 | 7689bd250f236540a89962c75e10662698d550e3295c7ffa517147b01022d81f

Download | Favorite | View

Oracle Weblogic Server Deserialization MarshalledObject Remote Code Execution

Posted Apr 1, 2019

Authored by Jacob Baines, Aaron Soto, Andres Rodriguez | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.corba.utils.MarshalledObject) to the interface to execute code on vulnerable hosts.

tags | exploit

advisories | CVE-2016-3510

SHA-256 | 34887ed78f437dc71b9a27e469d90d560f20f0a52702a9df664219aa2a18b0f2

Download | Favorite | View

Oracle Weblogic Server Deserialization Remote Code Execution

Posted Mar 27, 2019

Authored by Steve Breen, Aaron Soto, Andres Rodriguez | Site metasploit.com

This Metasploit module demonstrates that an unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.jms.common.StreamMessag eImpl) to the interface to execute code on vulnerable hosts.

tags | exploit

advisories | CVE-2015-4852

SHA-256 | e9fa1048c7115283a85c77ab6fc28657f1c314f5367d3be58cd22dda512105d6

Download | Favorite | View