Lucene search
RootSSV:93386HistoryDec 10, 2015 - 12:00 a.m.
用友某系统漏洞(SSRF&Java反序列化命令执行漏洞)
2015-12-1000:00:00
Root
www.seebug.org
368
0.97 High
EPSS
Percentile
99.7%
简要描述:
1.SSRF内网信息嗅探;
2.Java反序列化命令执行:获取系统权限。
详细说明:
用友私有云运营中心
http://219.232.202.154:8080/#/home
部署的weblogic:
漏洞证明:
1.SSRF
默认搜索页面存在:
2.Java反序列化命令执行
测试EXP:
成功反弹shell:
root权限,系统已经沦陷:
本次测试,未对系统进行恶意破坏。
Related
hackerone
hackerone
U.S. Dept Of Defense: WebLogic Server Side Request Forgery
2017-12-25 21:57:03
nuclei
nuclei
Oracle Weblogic - Server-Side Request Forgery
2021-04-23 13:03:54
prion
prion
Design/Logic Flaw
2014-07-17 05:10:00
Design/Logic Flaw
2014-07-17 11:17:00
cve
cve
CVE-2014-4210
2014-07-17 05:10:00
CVE-2014-4241
2014-07-17 11:17:00
seebug
seebug
Oracle WebLogic SSRF And XSS
2015-09-06 00:00:00
cvelist
cvelist
CVE-2014-4210
2014-07-17 02:36:00
CVE-2014-4241
2014-07-17 10:00:00
ibm
ibm
openvas
openvas
Oracle WebLogic Server Multiple Unspecified Vulnerabilities -01 (May 2016)
2016-05-03 00:00:00
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL applications security vulnerabilities
2014-07-21 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00