
7 matches found

Gitee
added 2020/10/05 1:44 p.m., 4 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

This is a PoC exploit for CVE-2017-10271, a vulnerability in Oracle WebLogic's wls-wsat component that allows for deserialization of untrusted data, leading to remote code execution. The exploit is written in Python and uses the requests library to send a malicious XML payload to the vulnerable...

CVSS 7.5 | AI score 8.3 | EPSS 0.94439
Exploits: 45
BDU FSTEC
added 2019/05/07 12:0 a.m., 1 views

The vulnerability of the WLS9_ASYNC and WLS-WSAT component of the Oracle WebLogic Server allows a hacker to execute arbitrary code and take control of the target system.

The vulnerability in the WLS9_ASYNC and WLS-WSAT components of the Oracle WebLogic Server application server is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely and gain control over the target system...

CVSS 10 | AI score 8.1 | EPSS 0.94468
Exploits: 35 | References: 8 | Affected Software: 1
Tenable Nessus
added 2019/04/26 12:0 a.m., 278 views

Oracle WebLogic Server wls9_async_response / wls-wsat Remote Code Execution

The version of Oracle WebLogic Server installed on the remote host is affected by a remote code execution vulnerability in the WLS9-async component due to unsafe deserialization of XML encoded Java objects. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execut...

CVSS 9.8 | AI score 9.4 | EPSS 0.94468
Exploits: 35 | References: 2
Packet Storm
added 2018/01/28 12:0 a.m., 375 views

Oracle WebLogic wls-wsat Component Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle WebLogic wls-wsat Component Deserialization RCE', 'Description' = %q The Oracle WebLogic WLS WSAT Component is vulnerable to a XML...

CVSS 5 | AI score 7.8 | EPSS 0.94439
Exploits: 45
0day.today
added 2018/01/08 12:0 a.m., 239 views

Oracle WebLogic < 10.3.6 - wls-wsat Component Deserialisation Remote Command Execution Exploit

Exploit for multiple platform in category remote exploits !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Weblogic wls-wsat Component Deserialization RCE Date Authored: Jan 3, 2018 Date Announced: 10/19/2017 Exploit Author: Kevin Kirsche d3c3pt10n Exploit Github:...

CVSS 5 | AI score 0.1 | EPSS 0.94439
Exploits: 45
Metasploit
added 2018/01/05 8:5 p.m., 235 views

Oracle WebLogic wls-wsat Component Deserialization RCE

The Oracle WebLogic WLS WSAT Component is vulnerable to an XML Deserialization remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Discovered by Alexey Tyurin of ERPScan and Federico Dotta of Media Service. Please note th...

CVSS 7.5 | AI score 8.1 | EPSS 0.94439
Exploits: 45
seebug.org
added 2017/12/22 12:0 a.m., 923 views

Oracle WebLogic wls-wsat RCE(CVE-2017-10271)

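Vulnerability description: Attackers are exploiting the WebLogic deserialization vulnerability (CVE-2017-3248) and the WebLogic WLS component vulnerability (CVE-2017-10271) to launch wide-scale remote attacks against enterprise servers. A large number of enterprise servers have been compromised, and the number of affected enterprises is rising markedly, which warrants serious attention. Of these, CVE-2017-10271 is a recent remote code execution vulnerability in the WLS component of Oracle WebLogic; it is being exploited in the wild without publicly disclosed details, and many enterprises have not yet installed the patch. The vendor released the patch for this vulnerability in October 2017. The vulnerability is relatively simple to exploit: an attacker only needs to send a carefully crafted HTTP...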

CVSS 7.5 | AI score 8.5 | EPSS 0.94439
Exploits: 55