Oracle WebLogic Server Console Authentication Bypass and RCE
CVE-2020-14882 is a critical vulnerability in the Oracle WebLogic Server Administration Console component affecting supported versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. It is an unauthenticated, network-exploitable flaw reachable over HTTP that can be triggered with a single HTTP GET request. Multiple supporting references characterize it as a path traversal/authentication bypass in the console that lets an attacker reach otherwise restricted administrative functionality; several sources note it is commonly chained with CVE-2020-14883 to achieve remote code execution. Reported exploitation paths involve requests to console-related endpoints and abuse of the administrative console to obtain arbitrary code execution and full server compromise.
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
Remediation
Patch, then assume compromise.
Exploits
11 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (10 hidden).
This repository contains a working exploit for CVE-2020-14882, a critical unauthenticated remote code execution vulnerability in Oracle WebLogic Server (tested on version 12.2.1.0, Linux). The main file, 'CVE-2020-14882.py', is a Python script that exploits a path traversal and MVEL injection flaw in the WebLogic Admin Console. The exploit works by sending a specially crafted HTTP GET request to the '/console/images/%252E%252E%252Fconsole.portal' endpoint, which triggers the vulnerability. Upon successful exploitation, the script provides an interactive shell-like interface, allowing the attacker to send arbitrary system commands via a custom HTTP header ('cmd') in subsequent POST requests to the same endpoint. The README.md provides detailed background on the vulnerability, affected versions, exploitation technique, and mitigation advice. The exploit is operational and can be used to gain full control of a vulnerable WebLogic instance over the network without authentication.
This repository contains a PowerShell exploit script (48971.ps1) and a README.md file. The script targets Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, exploiting CVE-2020-14882 to achieve unauthenticated remote code execution (RCE) via a specially crafted HTTP GET request. The user supplies the target WebLogic server URL and an arbitrary command to execute. The script constructs a GET request to the vulnerable endpoint, injecting the command for execution on the server. The README provides usage instructions and references. The exploit is operational, allowing attackers to run arbitrary commands on vulnerable servers without authentication. No hardcoded payload is present; the command is user-supplied, making the exploit flexible. The main attack vector is network-based, targeting the WebLogic management interface over HTTP(S).
This repository contains a Python exploit script (cve_2020_14882.py) and a README.md. The script targets Oracle WebLogic Server instances vulnerable to CVE-2020-14882, a remote code execution flaw. The exploit works by prompting the user for a target WebLogic URL and a local network interface. For each command entered by the user, the script sets up a temporary HTTP listener on the attacker's machine, crafts a PowerShell command that will execute on the target and send its output back to the attacker's listener via HTTP POST, and then triggers the vulnerability by sending a specially crafted request to the WebLogic console portal endpoint. The listener captures the HTTP POST containing the command output and displays it to the user. The exploit is operational, providing interactive command execution and output retrieval, and is not part of a larger framework. The main attack vector is network-based, exploiting a web application endpoint. The script is self-contained and requires only Python and network access to the target and from the target back to the attacker's machine.
This repository is a comprehensive exploit library (exphub) containing operational exploit scripts for a wide range of high-profile vulnerabilities affecting popular enterprise software. The structure is organized by product (e.g., drupal/, f5/, fastjson/, jboss/, nexus/, ofbiz/, shiro/, solr/, spring/, struts2/, tomcat/, weblogic/), with each directory containing Python or Java scripts for specific CVEs. The scripts are primarily remote code execution (RCE) exploits, but also include file read, webshell upload, SSRF, and administrative bypasses. Many scripts provide interactive shells or allow arbitrary command execution, and some require authentication. The repository includes both proof-of-concept (POC) and full exploit scripts, with detailed usage instructions embedded in the code and readme files. The attack vector is predominantly network-based, targeting HTTP(S) endpoints, and the scripts are suitable for both vulnerability validation and exploitation. The codebase is mature, with operational exploits for each vulnerability, and is a valuable resource for penetration testers and red teamers.
This repository is a comprehensive Python-based exploit and POC framework with a GUI (Tkinter) for managing and executing a wide range of vulnerability checks and exploits. The structure is organized into EXP/ (exploit) and POC/ (proof-of-concept or auxiliary) directories, each containing scripts for specific products and vulnerabilities. The main entry point is CodeTest.pyw, which provides a GUI for selecting and running exploits. The EXP/ directory contains modules for major enterprise software (Apache, Jenkins, Nexus, JBoss, Drupal, ThinkPHP, Fastjson, etc.), each supporting multiple CVEs, primarily focused on remote code execution, file upload, and information disclosure vulnerabilities. The framework supports both detection and exploitation, with payloads that can be customized per target. The code is modular, with each exploit script implementing a class for the target product and methods for each CVE. The repository also includes auxiliary scripts for reconnaissance (e.g., FOFA, GithubHunter, JSFinder, LinkFinder) and configuration files. The overall purpose is to provide penetration testers and security researchers with a unified, extensible platform for vulnerability assessment and exploitation across a wide range of popular enterprise software.
This repository contains a Python exploit script (main.py) targeting Oracle WebLogic Server's CVE-2020-14882 vulnerability, which allows unauthenticated remote code execution via a specially crafted GET request. The exploit constructs a URL to the /console/images/%252E%252E%252Fconsole.portal endpoint, injecting a Java MVEL expression that executes arbitrary system commands on the server. The script takes two arguments: the target WebLogic server URL and the command to execute. The README provides usage instructions and examples, emphasizing the exploit's ability to run arbitrary commands (such as nslookup or PowerShell web requests) on the target. The repository is structured simply, with a single Python code file, a README, and a license. The exploit is operational, requiring only Python 3 and the requests/urllib3 libraries, and is intended for use against vulnerable, internet-accessible WebLogic instances.
This repository contains a Python exploit script (CVE-2020-14882.py) targeting Oracle WebLogic Server's CVE-2020-14882 vulnerability, which allows unauthenticated remote command execution. The script sends a specially crafted POST request to the vulnerable endpoint '/console/css/%252e%252e%252fconsole.portal' with a serialized Java payload that executes an OS command specified by the attacker via the 'cmd' HTTP header. The script supports both single-target and multi-target modes (via a file of URLs), and outputs the result of the executed command. The repository also includes a Readme file with usage instructions and references to related exploits. The exploit is operational and can be used to gain remote code execution on unpatched WebLogic servers.
This repository contains a Python exploit script (14882.py) targeting Oracle WebLogic Server vulnerabilities CVE-2020-14882, CVE-2020-14883, and CVE-2020-14750. The exploit leverages a path traversal vulnerability in the WebLogic console component, specifically targeting the '/console/css/%252e%252e%252fconsole.portal' endpoint. By sending a crafted POST request with a malicious payload, the script enables remote command execution on the target server. The script supports two attack modes: one using MVEL for direct command execution (for WebLogic 12), and another using XML deserialization (for WebLogic 10). The user provides the target URL and either a command to execute or a remote XML file. The exploit returns the output of the executed command if successful. The repository includes a README with usage instructions and references. No hardcoded IPs or domains are present; the target is specified by the user at runtime. The exploit is operational and provides a working RCE payload for vulnerable WebLogic instances.
This repository contains a Python proof-of-concept exploit for CVE-2020-14882, an unauthenticated remote code execution vulnerability in Oracle WebLogic Server. The main file, 'Oracle Weblogic Auth Bypass RCE(CVE-2020–14882).py', sends a crafted POST request to the vulnerable WebLogic endpoint '/console/images/%252E%252E%252Fconsole.portal' with a payload that attempts to execute the 'ipconfig' command on the target server. The script checks the response for evidence of command execution to determine if the target is vulnerable. The exploit targets several versions of Oracle WebLogic Server (10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0). The repository includes a README with usage instructions, affected versions, and references. The exploit is a POC and does not provide a customizable payload or post-exploitation features.
This repository provides a Python-based exploit tool for CVE-2020-14882, a critical remote code execution vulnerability in Oracle WebLogic Server. The main script, 'CVE-2020-14882_ALL.py', supports three exploitation modes: (1) single target command execution with output (echo), (2) batch exploitation using a list of targets from 'target.txt', and (3) blind command execution using an external XML payload ('poc.xml') for scenarios such as reverse shell. The exploit works by sending specially crafted HTTP requests to vulnerable WebLogic endpoints, leveraging JNDI deserialization and Spring Beans XML parsing to achieve arbitrary command execution. The repository includes a sample XML payload and a target list template. The exploit is operational, providing both command execution with output and blind execution capabilities, and is suitable for penetration testing of vulnerable WebLogic instances.
This repository contains a Python exploit script (CVE-2020-14882.py) and a README.md for CVE-2020-14882, a critical remote code execution vulnerability in Oracle WebLogic Server. The exploit targets the /console/images/%252E%252E%252Fconsole.portal endpoint, abusing a path traversal and MVEL code injection to achieve arbitrary command execution. The script first checks for vulnerability by sending a crafted GET request, then provides an interactive shell interface where the user can input system commands. These commands are sent via a POST request with a Java payload that extracts the 'cmd' HTTP header and executes it on the server. The README documents affected versions, provides usage instructions, and includes example requests. The exploit is operational and provides remote command execution on vulnerable WebLogic instances.
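The description at the top of the page and every exploit summary above share one observable: a request under /console/ whose path hides a directory traversal behind one or more layers of percent-encoding before it reaches console.portal. The following is an added detection example, not code from Mallory or from any of the listed repositories; it assumes access logs in common log format, and the log lines are constructed samples using documentation (TEST-NET) addresses.

```python
import re
from urllib.parse import unquote

# Common log format: client, idents, timestamp, request line, status, size (assumed layout).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def decode_layers(path, max_layers=3):
    """Percent-decode repeatedly, returning every layer until the text stops changing."""
    layers = [path]
    for _ in range(max_layers):
        nxt = unquote(layers[-1])
        if nxt == layers[-1]:
            break
        layers.append(nxt)
    return layers

def is_console_traversal(path):
    """True when a /console/ request contains '..' in the raw path or in any decoded layer.

    A literal '..' is normally collapsed by the container; '%2e%2e' or '%252e%252e' is what
    survives long enough to reach the console handler, so every layer is inspected."""
    base = path.split('?', 1)[0]
    if not base.lower().startswith('/console/'):
        return False
    return any('..' in layer for layer in decode_layers(base))

def scan_access_log(lines):
    """Return (client, method, path, status) for each line matching the traversal pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_console_traversal(m['path']):
            hits.append((m['client'], m['method'], m['path'], int(m['status'])))
    return hits

# Constructed sample log lines; 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are TEST-NET ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Oct/2020:10:15:32 +0000] "GET /console/images/%252E%252E%252Fconsole.portal HTTP/1.1" 200 512',
    '198.51.100.7 - - [28/Oct/2020:10:15:40 +0000] "POST /console/css/%252e%252e%252fconsole.portal HTTP/1.1" 200 310',
    '192.0.2.9 - - [28/Oct/2020:10:16:01 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 4021',
    '192.0.2.9 - - [28/Oct/2020:10:16:05 +0000] "GET /console/images/logo.png HTTP/1.1" 304 0',
    '198.51.100.7 - - [28/Oct/2020:10:16:20 +0000] "GET /console/css/%2e%2e/console.portal HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("suspicious console traversal:", hit)
```

A 200 on such a request from an unauthenticated client is the strongest signal; a 302 or 403 still shows someone probing the console and belongs in the same alert with lower severity.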
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
14 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A critical Oracle WebLogic Server remote code execution vulnerability affecting the administrative console and involving authentication bypass.
A pair of critical Oracle WebLogic Server Console vulnerabilities where CVE-2020-14882 enables authentication bypass and CVE-2020-14883 enables remote code execution.
A specific vulnerability (CVE-2020-14882) listed as being exploited to spread k4spreader by the “8220” mining gang; the content does not provide technical details beyond naming it as an exploited access vector.
An Oracle WebLogic Server authentication bypass vulnerability commonly chained with CVE-2020-14883 to achieve remote code execution and deliver malware.