Create weblogic server and cluster ip=”10.20.0.2″ nwport=8001 wwport=9001 nwlist=[ (‘wtdsrwnw’,’Cluster_dsrwnw’,8111), (‘wtjscxnw’,’Cluster_jscxnw’,8151), (‘wtmhnw’,’Cluster_mhnw’,8801), (‘wttyrznw’,’Cluster_tyrznw’,8701), (‘wtwsjsnw’,’Cluster_wsjsnw’,8501), (‘wtwssbnw’,’Cluster_wssbnw’,8101), (‘wtwsznw’,’Cluster_wsznw’,8401) ] wwlist=[ (‘wtmhww’,’Cluster_mhww’,9801), (‘wtwsjsww’,’Cluster_wsjsww’,9501), (‘wtwssbww’,’Cluster_wssbww’,9101), (‘wtwszww’,’Cluster_wszww’,9401) ] def create_servers(port,serverlist): connect(‘weblogic’,’aaaaaa’, ‘t3://%s:%s’ %(ip,port)) edit() startEdit() for server in serverlist: cd(‘/’) cmo.createServer(‘%s’ %server[0]) cd(‘/Servers/%s’ %server[0]) cmo.setListenAddress(‘%s’ %ip) cmo.setListenPort(server[2]) cd(‘/’) cmo.createCluster(‘%s’ %server[1]) cd(‘/Clusters/%s’ %server[1]) cmo.setClusterMessagingMode(‘unicast’) cmo.setClusterBroadcastChannel(”) cd(‘/Servers/%s’ %server[0]) cmo.setCluster(getMBean(‘/Clusters/%s’ %server[1])) save() activate(block=”true”) […]
Tag: weblogic
WebLogic 12c multi-node Cluster silent installation
WebLogic cluster architecture Weblogic role AdminServer: 172.16.65.130 NodeServer: ?172.16.65.131, 172.16.65.132 Version weblogic 12.2.1.3.0 centos 7.3 Common installation steps — Create account and directory — /usr/sbin/groupadd -g 666 wladmin /usr/sbin/useradd -u 666 -g wladmin -G wladmin wladmin /usr/bin/echo -e “P@ssw0rd\ P@ssw0rd” | (/usr/bin/passwd –stdin wladmin) /usr/bin/mkdir -p /WebLogic/oracle/inventory /usr/bin/chown -R wladmin:wladmin /WebLogic /usr/bin/chmod -R 775 /WebLogic […]
[Network Security—Vulnerability Recurrence] WebLogic Deserialization Vulnerability (CVE-2019-2890) Vulnerability Recurrence
1. Vulnerability description 1-1 Vulnerability principle: When Weblogic uses the T3 protocol to make remote resource loading calls, it will perform blacklist filtering by default to ensure deserialization security. This vulnerability bypasses Weblogic’s deserialization blacklist, allowing attackers to conduct remote attacks on vulnerable Weblogic components through the T3 protocol. Since the T3 protocol is turned […]
[Deserialization] Complete reproduction of Weblogic deserialization vulnerability (CVE-2017-10271/CVE-2018-2628)
CVE-2017-10271 and CVE-2018-2628 full version recurrence + minefield + solution + the most detailed! ! ! ! ! ! ! CVE-2017-10271 1. Introduction Weblogic’s WLS Security component provides webservice services to the outside world. XMLDecoder is used to parse the XML data passed in by the user. During the parsing process, a deserialization vulnerability occurs, […]
SSRF_weblogic vulnerability recurrence_scheduled task utilization
SSRF_weblogic vulnerability recurrence Article directory SSRF_weblogic vulnerability recurrence 1 Environment setup 2 Compile and start the test environment 3 Use bp to capture packets 3.1 Click Search, then use bp to capture packets 3.2 If there is an error message, there may be an SSRF vulnerability. 3.3 Forward repeater module to modify parameters After the […]
XXE utilization and analysis of weblogic
weblogic’s XXE utilization and analysis The vulnerability environment of this article uses P God’s CVE-2018-2628 Local IP: 192.168.202.1 Attacked host IP: 192.168.202.129 1. xxer tool 1.1 Introduction xxer can quickly set up a blind injection environment for xxe. Download address: https://github.com/TheTwitchy/xxer The tool is started using python2, -h can view help information C:\Users\asus\Desktop\xxer-master>python2 xxer.py -h […]
Weblogic deserialization vulnerability (CVE-2018-2628/CVE-2023-21839 recurrence)
Content table of contents Weblogic deserialization vulnerability (CVE-2018-2628/CVE-2023-21839) weblogic middleware CVE-2018-2628 Vulnerability description Affected version Vulnerability recurrence Fix CVE-2023-21839 Vulnerability description Affected version Vulnerability recurrence Fix Weblogic Deserialization Vulnerability (CVE-2018-2628/CVE-2023-21839) weblogic middleware WebLogic is an application server produced by Oracle Corporation in the United States. It is a Java application server used to develop, integrate, […]
Weblogic Vulnerability Analysis CVE-2017-3248 & CVE-2018-2628
CVE-2017-3248 & amp; CVE-2018-2628 The latter vulnerability is just a bypass of 2017-3248, so the poc is the same, but the payload used is different. Open the JRMP server on this machine -> Use the T3 protocol to send the payload to deserialize weblogic, open the JRMP client, and connect to the server -> The […]
Recurrence of deserialization vulnerabilities in Weblogic (CVE-2017-10271) and Struts2 (s2-045)
Article directory Recurrence of Java deserialization vulnerability weblogic Environment setup Vulnerability recurrence Struts2(s2-045) Environment setup Vulnerability recurrence **Exploit** Java deserialization vulnerability reappears weblogic Weblogic < 10.3.6 wls-wsat’ XMLDecoder deserialization vulnerability (CVE-2017-10271) ? Weblogic’s WLS Security component provides webservice services to the outside world. XMLDecoder is used to parse the XML data passed in by the […]
Java deserialization vulnerability recurrence (weblogic and s2)
Article directory weblogic Start environment Vulnerability Scan Vulnerability recurrence S2-045 Start environment Vulnerability recurrence Prerequisites: 1.Install docker docker pull medicean/vulapps:j_joomla_2 2. Install docker-compose docker run -d -p 8000:80 medicean/vulapps:j_joomla_2 3. Download vulhub weblogic Start environment Go to the following path: cd vulhub/weblogic/CVE-2017-10271 Start the container: sudo docker-compose up -d As shown in the figure, the […]