CNVD-C-2019-48814, CVE-2019-2725 WebLogic _async remote command execution exp
The main code is implemented in JS. The Linux payload uses Jason, the Windows payload is a modified 10271, and commands are executed through java.lang.Runtime.
Requirements
All versions of Windows.
Usage
cve2019-2725_weblogic_rce.bat http://192.168.31.5:7001 "cat /etc/passwd"
Vulnerability information
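- Security advisory on the deserialization remote command execution vulnerability in the Oracle WebLogic wls9-async component
- A journey through the WebLogic RCE (CVE-2019-2725) vulnerability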
- Oracle Security Alert Advisory – CVE-2019-2725