.. / CVE-2017-10271

Exploit for Oracle WebLogic Server - Remote Command Execution (CVE-2017-10271)

Description:

The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security) is susceptible to remote command execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.

Nuclei Template

View the template here CVE-2017-10271.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2017/CVE-2017-10271.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-10271
https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
http://www.securitytracker.com/id/1039608
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://github.com/SuperHacker-liuan/cve-2017-10271-poc

.. / CVE-2017-10271 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Oracle WebLogic Server - Remote Command Execution (CVE-2017-10271)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2017-10271