CVE-2017-10271 BYPASS #10
Comments
Hey @kkirsche :) Happy to see you just re-opened this one. After some research it seems like most of ALL PoCs out there available to the public are "FAKE" PoCs, since they don't really bypass the patch of CVE-2017-10271. Technical details are available: https://paper.seebug.org/910/ Unfortunately, the juicy part, where the golden payload that bypasses the patch and blacklisted tags is shown, is blurred. Maybe with your talented pentesting eyes you could see it ;) Another one: https://github.com/jas502n/CNVD-C-2019-48814/blob/master/burpsuite.jpg Any help on this one would be very appreciated, since I believe a lot of us would like to reproduce it in our environment to see if our servers are vulnerable to this. Thanks.

No worries. Let me see what I can figure out. :) Thanks for sharing!

Real PoC for CVE-2019-2725: https://raw.githubusercontent.com/hanc00l/some_pocsuite/master/weblogic-async_all_rce.py Note that this PoC is using "oracle.toplink.internal.sessions.UnitOfWorkChangeSet", which only affects WebLogic 10.* and not 12.*. The class that affects both versions is: Let me know if you need any more details :) Thanks.

Update: another class (universal) would be "com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext". I can get my local WebLogic server downloading the file "rce.xml", but now the challenge I am facing is having a correct "rce.xml" that can execute 'calc.exe'.

https://www.exploit-db.com/exploits/46814 is out as well. Will work on this after this week (have a test for my master's degree classes).
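A defender-side triage check for the two indicators this thread names (the `/_async/` servlet path and the two gadget classes), added here as an example; it is not code from the issue, the PoCs, or the project. The `Request` shape and the sample traffic are constructed for illustration.

```python
from dataclasses import dataclass

# Indicators taken from this thread: the vulnerable servlet path and the two
# deserialization gadget classes named in the PoCs. Everything else is assumed.
ASYNC_PATH = "/_async/"
GADGET_CLASSES = (
    "oracle.toplink.internal.sessions.UnitOfWorkChangeSet",  # reported for WebLogic 10.x only
    "com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext",  # 10.x and 12.x
)


@dataclass
class Request:
    """Minimal captured-request shape (constructed; adapt to your proxy/IDS export)."""
    method: str
    path: str
    body: str


def classify(req: Request) -> list:
    """Return the reasons a captured request should be flagged (empty list if clean)."""
    reasons = []
    if not req.path.startswith(ASYNC_PATH):
        return reasons  # only traffic to the _async servlet is of interest here
    if req.method.upper() == "POST":
        # Low-confidence on its own: legitimate async web-service clients POST here too.
        reasons.append("POST to the _async endpoint")
    # Collapse whitespace so a class name wrapped across XML lines still matches.
    body = " ".join(req.body.split())
    for cls in GADGET_CLASSES:
        if cls in body:
            reasons.append("gadget class in body: " + cls)  # high-confidence hit
    return reasons


def triage(requests) -> dict:
    """Map request index -> findings; only flagged requests are returned."""
    return {i: r for i, r in ((i, classify(q)) for i, q in enumerate(requests)) if r}


# Constructed sample traffic (not real captures).
SAMPLE = [
    Request("GET", "/", ""),
    Request("POST", "/_async/", "<soapenv:Envelope><soapenv:Body>ping</soapenv:Body></soapenv:Envelope>"),
    Request("POST", "/_async/", "<soapenv:Header>\n  <class>com.bea.core.repackaged.springframework."
                                "context.support.FileSystemXmlApplicationContext</class>\n</soapenv:Header>"),
]

if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE).items():
        print(idx, reasons)
```

A path-only hit is worth logging but not paging on; a gadget-class hit against a host that has not received the CVE-2019-2725 patch is the one to escalate.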
Hi Kevin!
Hope you are doing well :) I was wondering if you could add support for the CVE-2017-10271 bypass that just got out (see https://github.com/jas502n/CNVD-C-2019-48814). The bug is with
http://localhost:7001/_async/
Any help or suggestions would be very appreciated,
Thanks