what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News Services About Contact Add New

Showing 1 - 2 of 2

Files from Jang

Oracle WebLogic Server Administration Console Handle Remote Code Execution

Posted Nov 19, 2020

Authored by wvu, Jang, voidfyoo | Site metasploit.com

This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against 12.2.1.3.0 from Vulhub (Linux) and on Windows. Warning! Multiple sessions may be created by exploiting this vuln.

tags | exploit, java

systems | linux, windows

advisories | CVE-2020-14750, CVE-2020-14882, CVE-2020-14883

MD5 | 5405ea15491baee8139d2505e9a04d02

Download | Favorite | View

WebLogic Server Deserialization Remote Code Execution

Posted May 21, 2020

Authored by Shelby Pace, Y4er, Jang | Site metasploit.com

This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers.

tags | exploit, java, remote, code execution, protocol

advisories | CVE-2020-2555

MD5 | e3a30f51596b55d810e3f2ed09788c15

Download | Favorite | View