[面包]MrTwoC

你好，欢迎来到这个基于区块链的个人博客名字：面包 / MrTwoc 爱好：跑步(5/10KM)、咖啡、游戏(MMORPG、FPS、Minecraft、Warframe) 兴趣方向：Rust、区块链、网络安全、量子信息(量子计算)、游戏设计与开发

WebLogic任意文件上传

Feb 13, 2024#Web2Security #UpLoadFile25

AI-generated summary

The given text provides instructions on how to exploit a vulnerability in WebLogic using the CVE-2018-2894 vulnerability. It involves running a docker-compose command, changing the working directory, intercepting and sending images and messages, finding a timestamp, accessing a specific link, and ultimately gaining shell access using the "冰蝎链接" (presumably a tool or method).

地址
/root/CVE/vulhub-master/weblogic/CVE-2018-2894
输入
docker-compose up -d

地址
http://192.168.1.4:7001/ws_utc/config.do

将工作目录改为：
/u01/oracle/user_projects/domains/base_domain/servers/AdminServer/tmp/_WL_internal/com.oracle.webservices.wls.ws-testclient-app-wls/4mcj4y/war/css
点击提交

拦截下来，发送到 Repeater 中

再发送报文

这里看到
1686842225512
找到了需要的时间戳
随后访问链接
http://192.168.1.4:7001/ws_utc/css/config/keystore/1686842225512_shell.jsp
成功，随后利用冰蝎链接，就可以拿到 shell

Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.

Blockchain ID
#60961-10
Owner
0x4cc7cb48adf7c465a49f98aecafe7948450d85b2
Transaction Hash
Creation 0xaeaf6fdd...6f153cb4eb Last Update 0xaeaf6fdd...6f153cb4eb
IPFS Address
ipfs://QmQHcJ1HGE6K9q1UgUJioPq1FPknYHCD1DQSuJ3AciGQDy