WebLogic RCE by only one GET request — CVE-2020-14882 Analysis

  • CVSS: 9.8/10
  • Protocol: HTTP
  • Affects all versions
http://<target>/console/console.portal?_nfpb=true&_pageLabel=HomePage1&handle=java.lang.String("ahihi")
private static final String[] IllegalUrl = new String[]{";", "%252E%252E", "%2E%2E", "..", "%3C", "%3E", "<", ">"};
  • /appmanager/*
  • *.portlet
  • *.portion
  • *.portal
  • /bea-helpsets/*
  • /framework/skins/wlsconsole/images/*
  • /framework/skins/wlsconsole/css/*
  • /framework/skeletons/wlsconsole/js/*
  • /framework/skeletons/wlsconsole/css/*
  • /css/*
  • /common/*
  • /images/*
/console/css/changemgmt.portal
  • The URL pattern “/common/*” is handled by JSPCServlet (which handles requests to JSP files)
  • The “/framework/*” URL patterns are handled by FileServlet
  • “/css/*” to bypass authentication
  • “*.portal” to trigger
Before decoding
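For defenders, the two conditions above (a path under “/css/*” that also ends in “*.portal”, and a `handle` parameter naming an arbitrary class) can be checked in access logs. The following is an added example, not code from the original article or from WebLogic; the function names, the extra static prefixes, and the `com.bea.console.handles.` allowlist are assumptions of this sketch.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

CONSOLE_ROOT = "/console"
# The page names "/css/*" as the pattern that bypasses authentication; treating the
# other static-resource patterns from its list the same way is an assumption.
STATIC_PREFIXES = ("/css/", "/images/", "/common/")
TRIGGER_SUFFIX = ".portal"  # "*.portal" reaches the portal servlet
# Assumption: legitimate console handle classes live in this package.
ALLOWED_HANDLE_PKG = "com.bea.console.handles."
CTOR_CALL = re.compile(r"^([A-Za-z_][\w.$]*)\(")  # e.g. java.lang.String("ahihi")

def decode_fully(s, max_rounds=5):
    """Percent-decode until stable so single- and double-encoded forms compare equal."""
    for _ in range(max_rounds):
        nxt = unquote(s)
        if nxt == s:
            break
        s = nxt
    return s

def classify(request_target):
    """Return the findings for one request target (path plus query string)."""
    parts = urlsplit(request_target)
    path = decode_fully(parts.path)
    findings = []
    if not path.startswith(CONSOLE_ROOT + "/"):
        return findings
    rel = path[len(CONSOLE_ROOT):]
    if rel.startswith(STATIC_PREFIXES) and rel.endswith(TRIGGER_SUFFIX):
        findings.append("static-path-portal")
    for raw in parse_qs(parts.query).get("handle", []):
        m = CTOR_CALL.match(decode_fully(raw))
        if m and not m.group(1).startswith(ALLOWED_HANDLE_PKG):
            findings.append("handle-class-not-allowlisted")
    return findings

# Constructed request targets; the flagged paths and parameters are taken from this page.
SAMPLES = [
    "/console/css/login.css",
    "/console/css/changemgmt.portal",
    '/console/console.portal?_nfpb=true&_pageLabel=HomePage1&handle=java.lang.String("ahihi")',
    "/console/console.portal?_nfpb=true&_pageLabel=HomePage1",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(classify(target) or "ok", target)
```
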

Jang
