WebLogic Server Deserialization Remote Code Execution

Posted by deepcore on June 5, 2020 – 5:23 pm

This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an ExtractorComparator enables the ability to trigger method.invoke(), which will execute arbitrary code.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« WordPress Drag And Drop Multi File Uploader Remote Code Execution Cayin Digital Signage System xPost 2.5 Code Execution / SQL Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

WebLogic Server Deserialization Remote Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL