Weblogic Deserialization Vulnerability Testing and Resolution - Code World

Weblogic Deserialization Vulnerability Testing and Resolution

Others 2022-05-23 11:55:00 views: 0

Through this vulnerability, you can write files to the server without logging in and only need to specify the IP and port number.

An exception may occur: Unsupported major.minor version 51.0
JDK compilation environment is inconsistent, solution: upgrade JDK

1. Test
java -jar Test.jar weblogic 192.168.0.11 7001 F:/a.txt
Note: The txt file is directly generated in the specified IP computer , you need to download a test JAR package After

performing this operation, if the computer on the IP generates a.txt file, it proves that the vulnerability exists (this command is operated under windows, and the file path is modified under linux, which has not been tested yet).

2. Solution

Find
..\weblogic\Middleware\modules\com.bea.core.apache.commons.collections_3.2.0.jar to

download the latest official collections.jar, replace the original jar package, and restart the application service

Guess you like

Origin http://10.200.1.11:23101/article/api/json?id=326774012&siteId=291194637

Weblogic Deserialization Vulnerability Testing and Resolution

weblogic deserialization vulnerability getshell

weblogic deserialization vulnerability getshell

weblogic deserialization vulnerability (CVE-2017-10271)

Remote command execution and deserialization-Weblogic middleware deserialization vulnerability and related

WebLogic deserialization vulnerability (CVE-2019-2890) reproduced (super detailed)

weblogic deserialization vulnerability CVE-2018-2628 - batch detection script

WebLogic Deserialization Vulnerability Reproduction + Exploitation Tool (CVE-2021-2394)

CVE-2018-2628 vulnerability weblogic WLS deserialization vulnerability study notes

Weblogic XMLDecoder Deserialization Vulnerability Principle and Vulnerability Reappearance (Based on Vulhub, Nanny-level Detailed Tutorial)

Weblogic Vulnerability

Weblogic wls9_async_response deserialization Remote Command Execution Vulnerability (CNVD-C-2019-48814)

Network Security In-depth Study Lesson 6 - Popular Framework Vulnerabilities (RCE- Weblogic Deserialization Vulnerability)

Weblogic WLS Core Components Deserialization Command Execution Vulnerability (CVE-2018-2628)

pyyaml deserialization vulnerability

A mall system deserialization vulnerability

Fastjson deserialization vulnerability Overview

On deserialization vulnerability principle PHP

fastjson vulnerability research deserialization (at)

fastjson deserialization RCE Vulnerability

PHP deserialization vulnerability research

Fastjson deserialization vulnerability

PHP deserialization vulnerability summary

UNSERIALIZE-Deserialization vulnerability

Shiro deserialization vulnerability reproduced

java deserialization vulnerability countermeasures

Fastjson deserialization vulnerability recurrence

Deserialization Vulnerability (PHP)

Weblogic ssrf vulnerability recurrence

Weblogic Vulnerability (1) Basic Introduction of Weblogic

Recommended

Ranking

A quick primer on numpy basics

Two sister tease python project

Java | Multiple keywords in the replacement content are returned to the front end in red style

C ++: references

The string leetcood 1018 is a binary prefix divisible by 5

Flutter 布局组件

Java combat spingboot-redis

PMP pre-exam sprint and wrong questions sorting

ActiveMq C# Message Features: Delayed and Timed Message Delivery

DSP28377S_ copy a program from the RAM to FLASH portion DETAILS

Daily

More

2024-05-16(23)

2024-05-15(5)

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)