美文网首页TIDE_网络安全
WeblogicScan

WeblogicScan

作者: RabbitMask | 来源:发表于2019-05-14 10:07 被阅读159次

    ParrotSecurity首发,WeblogicScan V1.1

    Weblogic vulnerability one-click poc detection.
    https://github.com/rabbitmask/WeblogicScan

    Software Author: Tide_RabbitMask.
Thanks to the open source POC from the web.
I have only carried out the magic transformation and interface unification.  
Disclaimer:Pia!(o ‵-′)ノ”(ノ﹏<。)
This tool is for safety testing only,and should not be used for illegal use.

V 1.1 Features:
Provides a one-click poc detection that includes almost all weblogic history vulnerabilities.
Details are as follows:

    #Console path leak
    Console  

    #SSRF:
    CVE-2014-4210      

    #JAVA deserialization
    CVE-2016-0638  
    CVE-2016-3510   
    CVE-2017-3248   
    CVE-2018-2628 
    CVE-2018-2893
    CVE-2019-2725       

    #Any file upload
    CVE-2018-2894   

    #XMLDecoder deserialization
    CVE-2017-10271 
    CVE-2017-3506

V 1.1 Update log:

    Cut exp:all
    Cut poc:CVE-2015-4852
    New poc:CVE-2017-10271,CVE-2019-2725,CVE-2018-2894
    New Logging Function
    New Console
    New Name and Banner

    Software using Demo:

    __        __   _     _             _        ____
\ \      / /__| |__ | | ___   __ _(_) ___  / ___|  ___ __ _ _ __
 \ \ /\ / / _ \ '_ \| |/ _ \ / _` | |/ __| \___ \ / __/ _` | '_ \
  \ V  V /  __/ |_) | | (_) | (_| | | (__   ___) | (_| (_| | | | |
   \_/\_/ \___|_.__/|_|\___/ \__, |_|\___| |____/ \___\__,_|_| |_|
                 |___/
                    By Tide_RabbitMask | V 1.1

Welcome To WeblogicScan !!
[*]Console path test begins...
[+]The target Weblogic console address is exposed!
[+]The path is: http://127.0.0.1:7001/console/login/LoginForm.jsp
[+]Please try weak password blasting!
[*]CVE_2014_4210 test begins...
[+]The target Weblogic UDDI module is exposed!
[+]The path is: http://127.0.0.1:7001/uddiexplorer/
[+]Please verify the SSRF vulnerability!
[*]CVE_2016_0638 test begins...
[+]The target weblogic has a JAVA deserialization vulnerability:CVE-2016-0638
[*]CVE_2016_3510 test begins...
[-]Target weblogic not detected CVE-2016-3510
[*]CVE_2017_3248 test begins...
[-]Target weblogic not detected CVE-2017-3248
[*]CVE_2017_3506 test begins...
[-]Target weblogic not detected CVE-2017-3506
[*]CVE_2017_10271 test begins...
[-]Target weblogic not detected CVE-2017-10271
[*]CVE_2018_2628 test begins...
[+]The target weblogic has a JAVA deserialization vulnerability:CVE-2018-2628
[*]CVE_2018_2893 test begins...
[+]The target weblogic has a JAVA deserialization vulnerability:CVE-2018-2893
[*]CVE_2018_2894 test begins...
[-]Target weblogic not detected CVE-2018-2894
[*]CVE_2019_2725 test begins...
[-]Target weblogic not detected CVE-2019-2725
[*]The mission is over,the goal is 127.0.0.1:7001

    相关文章

      网友评论

        本文标题:WeblogicScan

        本文链接:https://www.haomeiwen.com/subject/uxvjaqtx.html

        延伸阅读

        深度阅读

        • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

        栏目导航

        热点阅读

        TIDE_网络安全

        关于我们|服务条款|联系我们|WeblogicScan|投稿指南|网站地图|RSS订阅|排版工具|手机版

        提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

        Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

        备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

        本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

        所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!