Vulnerabilities > CVE-2014-4241 - Remote Security vulnerability in Oracle WebLogic Server
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 | |
| Application | 2 | |
| OS | 1 |
Seebug
| bulletinFamily | exploit |
| description | ### 简要描述: 1.SSRF内网信息嗅探; 2.Java反序列化命令执行:获取系统权限。 ### 详细说明: 用友私有云运营中心 http://219.232.202.154:8080/#/home [<img src="https://images.seebug.org/upload/201512/10005828b7d30e5f06178972c3e212e8a414e3ed.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/10005828b7d30e5f06178972c3e212e8a414e3ed.png) 部署的weblogic: [<img src="https://images.seebug.org/upload/201512/10005902570fd3b893016d8ba2b1ab0ca064eebc.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/10005902570fd3b893016d8ba2b1ab0ca064eebc.png) ### 漏洞证明: 1.SSRF 默认搜索页面存在: [<img src="https://images.seebug.org/upload/201512/100059475f15a213edd5375e9d3edb59bddeb8d7.png" alt="3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/100059475f15a213edd5375e9d3edb59bddeb8d7.png) 结合http://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html,以localhost为例进行测试: [<img src="https://images.seebug.org/upload/201512/100100050e1ee5726adaa9306ded55aebe3b529d.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/100100050e1ee5726adaa9306ded55aebe3b529d.png) 2.Java反序列化命令执行 测试EXP: [<img src="https://images.seebug.org/upload/201512/10010027324f796189765a9f89ad8122f2229421.png" alt="5.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/10010027324f796189765a9f89ad8122f2229421.png) 成功反弹shell: [<img src="https://images.seebug.org/upload/201512/1001010279f70e341cb0f3945498b67b1016c1eb.png" alt="6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/1001010279f70e341cb0f3945498b67b1016c1eb.png) root权限,系统已经沦陷: [<img src="https://images.seebug.org/upload/201512/10010122c5f584ba2bf73fb318109ae518527c9c.png" alt="7.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201512/10010122c5f584ba2bf73fb318109ae518527c9c.png) 本次测试,未对系统进行恶意破坏。 |
| id | SSV:93386 |
| last seen | 2017-11-19 |
| modified | 2015-12-10 |
| published | 2015-12-10 |
| reporter | Root |
| title | 用友某系统漏洞(SSRF&Java反序列化命令执行漏洞) |
References
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/68649
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94559