Exploit for Oracle WebLogic Server - Remote Command Execution (CVE-2020-14882)

Description:

Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server.

Nuclei Template

View the template here: CVE-2020-14882.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-14882.yaml

References:

https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
https://nvd.nist.gov/vuln/detail/CVE-2020-14882
https://github.com/jas502n/CVE-2020-14882#eg
https://www.oracle.com/security-alerts/cpuoct2020.html
https://youtu.be/JFVDOIL0YtA
https://twitter.com/jas502n/status/1321416053050667009