🤣
CybersecurityNote
  • Foreword
  • References.md
    • References
    • attackdefense
    • Domain Environment
    • HTB
    • Red Team Range
    • tryhackme
    • vulnhub
  • Security Certificates
    • CISSP
    • CRTO
      • Exam experience sharing
    • OSCP
      • Exam experience sharing
  • Security Testing
    • Lateral Movement
      • AS-REP Roasting Attack
      • Kerberoasting Attack
  • Security Vulnerability
    • application Vulnerability
    • Linux Privilege Escalation Vulnerability
    • Linux Vulnerability
    • unauthorized vulnerability
      • ActiveMQ Unauthorized Access Vulnerability
      • Apache Flink Unauthorized Access Vulnerability
      • Atlassian Crowd Unauthorized Access Vulnerability
      • CouchDB Unauthorized Access Vulnerability
      • Docker Unauthorized Access Vulnerability
      • Dubbo Unauthorized Access Vulnerability
      • Jenkins Unauthorized Access Vulnerability
      • Jupyter Notebook Unauthorized Access Vulnerability
      • MongoDB Unauthorized Access Vulnerability
      • RabbitMQ Unauthorized Access Vulnerability
      • Spring Cloud Gateway Server Unauthorized Access Vulnerability
      • SpringBoot Actuator Unauthorized Access Vulnerability
      • Unauthorized Access to Kubernetes API Server
      • Unauthorized Access Vulnerability in Clickhouse
      • Unauthorized Access Vulnerability in Druid Monitoring Page
      • Unauthorized Access Vulnerability in Hadoop YARN Resourcemanager
      • Unauthorized Access Vulnerability in Hadoop Yarn RPC
      • Unauthorized Access Vulnerability in InfluxDB API
      • Unauthorized Access Vulnerability in JBoss
      • Unauthorized Access Vulnerability in Kafka Manager
      • Unauthorized Access Vulnerability in Kibana
      • Unauthorized Access Vulnerability in Kong
      • Unauthorized Access Vulnerability in LDAP
      • Unauthorized Access Vulnerability in Memcached
      • Unauthorized Access Vulnerability in NFS
      • Unauthorized Access Vulnerability in Redis
      • Unauthorized Access Vulnerability in Rsync
      • Unauthorized Access Vulnerability in Spark
      • Unauthorized Access Vulnerability in VNC Server
      • Unauthorized Access Vulnerability in Weblogic
      • Unauthorized Access Vulnerability in ZooKeeper
      • Zabbix Unauthorized Access Vulnerability
    • Windows Privilege Escalation Vulnerability
    • Windows Vulnerability
Powered by GitBook
On this page
  • Vulnerability Description
  • Vulnerability Detection
  1. Security Vulnerability
  2. unauthorized vulnerability

Unauthorized Access Vulnerability in Weblogic

PreviousUnauthorized Access Vulnerability in VNC ServerNextUnauthorized Access Vulnerability in ZooKeeper

Last updated 2 years ago

Vulnerability Description

Weblogic is a J2EE application server introduced by Oracle Corporation. The CVE-2020-14882 allows unauthorised users to bypass the permission verification of the management console and access the backend, while the CVE-2020-14883 allows the backend arbitrary user to execute any command through the HTTP protocol. The exploitation chain consisting of these two vulnerabilities enables an unauthorised any user to execute commands on a remote Weblogic server by means of a GET request.

Vulnerability Detection

Using vulhub to build the vulnerability demonstration environment.

cd vulhub/weblogic/CVE-2020-14882
sudo docker-compose up -d
http://192.168.0.5:7001/console/css/%252e%252e%252fconsole.portal

The attacker can construct a URL of a special request to access the management backend page without authorization:

Remote attackers can construct a special HTTP request to take over the WebLogic Server Console without authentication, and execute arbitrary code in the WebLogic Server Console.

image-20220511234328480