Weblogic RCE by only one GET request — CVE-2020–14882 Analysis

  • CVSS: 9.8/10
  • Giao thức: HTTP
  • Ảnh hưởng tất cả các version
http://<target>/console/console.portal?_nfpb=true&_pageLabel=HomePage1&handle=java.lang.String("ahihi")
private static final String[] IllegalUrl = new String[]{";", "%252E%252E", "%2E%2E", "..", "%3C", "%3E", "<", ">"};
  • /appmanager/*
  • *.portlet
  • *.portion
  • *.portal
  • /bea-helpsets/*
  • /framework/skins/wlsconsole/images/*
  • /framework/skins/wlsconsole/css/*
  • /framework/skeletons/wlsconsole/js/*
  • /framework/skeletons/wlsconsole/css/*
  • /css/*
  • /common/*
  • /images/*
/console/css/changemgmt.portal
  • Url pattern “/common/*” được xử lý bởi JSPCServlet (handle các request tới file jsp)
  • Các url pattern “/framework/*” được xử lý bởi FileServlet
  • /css/*” để bypass authen
  • *.portal” để trigger
Trước khi decode

--

--

asdasd asdasdasd asdasdasd

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store