Exploit for Oracle WebLogic Server Local File Inclusion (CVE-2022-21371)

Description:

An easily exploitable local file inclusion vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Successful attacks of this vulnerability can result in unauthorized and sometimes complete access to critical data.

Nuclei Template

View the template here: CVE-2022-21371.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-21371.yaml

References:

https://gist.github.com/picar0jsu/f3e32939153e4ced263d3d0c79bd8786
https://github.com/Mr-xn/CVE-2022-21371
https://www.oracle.com/security-alerts/cpujan2022.html
https://nvd.nist.gov/vuln/detail/CVE-2022-21371
http://packetstormsecurity.com/files/165736/Oracle-WebLogic-Server-14.1.1.0.0-Local-File-Inclusion.html