Shulou(Shulou.com)05/31 Report--

In this issue, the editor will bring you about how to analyze Weblogic wls9_async component vulnerabilities CVE-2019-2725. The article is rich in content and analyzed and described from a professional point of view. I hope you can get something after reading this article.

Vulnerability description

The vulnerability is caused by the wls9-async component, which has a flaw in deserialization of input information. An attacker can pass malicious XML format data under the / _ async/AsyncResponseService path, and when the incoming data is deserialized on the server side, the malicious code is executed to implement remote command execution, thus the attacker can gain privileges on the entire server.

Affect the version

WebLogic 10.X

WebLogic 12.1.3

Recurrence step

Note: because version 10.x is affected, this reproduction uses the SSRF vulnerability version environment.

01 test whether a vulnerability exists

The method is as follows: visit http://youip:7001/_async/ (return 403 means it exists; return 404 means it does not exist)

Access http://youip:7001/_async/AsyncResponseService. (200 means it exists; 404 means it doesn't exist.)

02 bounce shell with poc

03 enable listening on the host Windows, and bounce back successfully

Product solution and support

Huayun Anlingdong ®threat and vulnerability Management platform (Ai.Vul) already supports one-click detection of this vulnerability.

The above is the editor for you to share how to analyze Weblogic wls9_async component vulnerability CVE-2019-2725, if you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.