WebLogic RCE (CVE-2019-2725) Debug Diary - Written by Badcode@Knownsec 404 Team. What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common?
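The target's Shiro had no usable gadget, but its key was detected to be the default kPH+bIxk5D2deZiIxcaaaA==. The 404 error page showed that it was WebLogic, and RCE succeeded through the CVE-2020-2883 gadget. However, the host had no outbound network access, so a reverse shell was not possible, and because it was SpringMVC, a JSP file written to disk could not be accessed either, so the only option was a Filter memory shell.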