Oracle WebLogic wls-wsat Component Deserialization RCE
Title source: metasploit
Exploitation Summary
CVE-2017-10271 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 10, 2022, with confirmed use in ransomware campaigns.
EIP tracks 35 public exploits from researchers including Metasploit, Kevin Kirsche, and 1337g, among them the Metasploit module exploits/multi/http/oracle_weblogic_wsat_deserialization_rce.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This Metasploit module exploits a deserialization vulnerability in Oracle WebLogic's wls-wsat component (CVE-2017-10271) by sending a crafted SOAP XML payload to execute arbitrary commands. The exploit leverages Java deserialization via ProcessBuilder to achieve remote code execution on vulnerable WebLogic servers.
Description
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Exploits (35)
This Metasploit module exploits a deserialization vulnerability in Oracle WebLogic's wls-wsat component (CVE-2017-10271) by sending a crafted SOAP XML payload to execute arbitrary commands. The exploit leverages Java deserialization via ProcessBuilder to achieve remote code execution on vulnerable WebLogic servers.
This exploit leverages a deserialization vulnerability in Oracle WebLogic Server's wls-wsat component to achieve remote code execution. It crafts malicious SOAP requests containing serialized Java objects to execute arbitrary commands, supporting both Unix and Windows targets.
This exploit leverages a deserialization vulnerability in Oracle WebLogic Server's WLS-WSAT component to achieve blind remote command execution. It crafts a malicious SOAP request with an XMLDecoder payload to execute arbitrary commands via Java's ProcessBuilder.
This repository provides a detailed writeup and references for CVE-2017-10271, a deserialization vulnerability in Oracle WebLogic. It includes links to external PoCs and technical analyses but does not contain functional exploit code itself.
This repository contains a functional exploit tool for CVE-2019-2725, a deserialization vulnerability in Oracle WebLogic Server. The tool includes multiple payloads for different versions of WebLogic and provides a GUI for executing checks and exploits.
This repository contains a functional exploit for CVE-2017-10271, an unauthenticated RCE vulnerability in Oracle WebLogic Server. The exploit leverages XML deserialization via the wls-wsat endpoint to execute arbitrary commands.
This repository contains a functional exploit for CVE-2017-10271, targeting Oracle WebLogic Server's wls-wsat component via deserialization to achieve remote code execution. The exploit includes payloads for both Unix and Windows targets, along with check functionality to verify vulnerability.
The repository contains only a README with a title and an image link, lacking any technical details or exploit code. It appears to be a placeholder or lure for external downloads.
This repository contains a functional Python script that exploits CVE-2019-2725, a deserialization vulnerability in Oracle WebLogic Server. The PoC sends a malicious SOAP request to trigger remote code execution via the AsyncResponseService endpoint.
This repository contains a functional exploit for CVE-2017-10271, a blind remote command execution vulnerability in Oracle WebLogic Server. The exploit leverages XML deserialization via a crafted SOAP request to execute arbitrary commands on the target system.
This repository contains a low-interaction honeypot designed to detect exploitation attempts of CVE-2017-10271, a remote code execution vulnerability in Oracle WebLogic Server. The honeypot simulates a vulnerable WebLogic server and logs attempts to exploit the vulnerability.
This repository contains a functional exploit for CVE-2017-10271, a deserialization vulnerability in Oracle WebLogic's wls-wsat component. The exploit sends crafted SOAP requests to execute arbitrary commands (ping) on both Windows and Linux systems, using DNS log queries via ceye.io to confirm successful execution.
This repository contains a functional exploit for CVE-2017-10271, which targets Oracle WebLogic Server's WLS-WSAT component. The exploit leverages XML deserialization to achieve remote code execution by crafting a malicious SOAP request with a Java ProcessBuilder payload.
This repository provides a technical overview and references for CVE-2017-10271, a deserialization vulnerability in Oracle WebLogic. It includes links to external PoCs and detailed analysis but does not contain functional exploit code itself.
This repository contains a scanner for CVE-2017-10271, a Java deserialization vulnerability in Oracle WebLogic Server. It uses crafted SOAP requests to trigger a ping command and listens for ICMP responses to detect vulnerable hosts.
This repository contains a functional Rust-based exploit for CVE-2017-10271, targeting Oracle WebLogic Server's WLS-WSAT component. The exploit sends a crafted SOAP request with malicious Java deserialization payloads to achieve remote code execution (RCE).
This repository contains a functional Python exploit for CVE-2017-10271, a deserialization vulnerability in Oracle WebLogic Server. The exploit sends a malicious SOAP request with a crafted XML payload to execute arbitrary commands on the target system.
This repository contains a functional exploit for CVE-2017-10271, targeting Oracle WebLogic Server's WLS-WSAT component. The exploit leverages XML deserialization to achieve remote code execution via `java.lang.Runtime` or `java.lang.ProcessBuilder`.
This repository contains a functional Python exploit for CVE-2019-2729, a WebLogic deserialization vulnerability. The exploit uses ysoserial to generate a malicious payload and crafts a SOAP request to trigger remote code execution.
This repository contains a functional exploit for CVE-2017-10271, a deserialization vulnerability in Oracle WebLogic Server's WLS-WSAT component. The exploit allows unauthenticated remote code execution via crafted SOAP requests with malicious XMLDecoder payloads.
This repository contains a simplified PoC for CVE-2017-10271, demonstrating an XMLDecoder deserialization vulnerability in WebLogic. The exploit leverages unsafe deserialization of XML input to achieve remote code execution (RCE).
This repository contains functional exploit code for CVE-2017-10271, a deserialization vulnerability in Oracle WebLogic Server. The exploit leverages XMLDecoder to execute arbitrary commands via a crafted SOAP request, with support for both Linux and Windows targets.
The repository claims to be a Java deserialization vulnerability exploitation tool for CVE-2017-10271 but provides no actual code, technical details, or proof-of-concept. The README is vague and lacks substance, typical of suspicious repos.
This repository contains a functional exploit for CVE-2017-10271, a bypass for the incomplete patch of CVE-2017-3506 in Oracle WebLogic's WLS-WSAT component. The exploit leverages XMLDecoder deserialization to achieve remote code execution (RCE) by sending crafted SOAP requests.
The repository contains only a README with a screenshot and no actual exploit code or technical details. It references a CVE but provides no functional PoC or analysis.
This repository provides functional exploit code for CVE-2017-10271, a bypass of the patch for CVE-2017-3506 in Oracle WebLogic's WLS-WSAT component. It includes detailed technical analysis of the vulnerability, patch bypass mechanisms, and multiple PoC payloads for remote code execution via XMLDecoder deserialization.
The repository contains functional exploit code for CVE-2017-10271, a deserialization vulnerability in Oracle WebLogic Server's WLS-WSAT component. The exploit leverages XMLDecoder to achieve remote code execution by writing a malicious JSP file or executing arbitrary commands.
This repository provides a detailed technical analysis of CVE-2017-10271, focusing on the WebLogic XMLDecoder deserialization vulnerability. It includes system analysis, vulnerability mechanism breakdown, and exploit construction steps, but does not contain functional exploit code.
This repository contains a functional exploit tool for CVE-2017-10271, targeting Oracle WebLogic Server. The tool includes features for server detection, vulnerability scanning, file upload, command execution, and reverse shell capabilities.
The repository contains only a Dockerfile and a README, providing a vulnerable environment for CVE-2017-10271 but no actual exploit code or technical details. It references external sources for the vulnerable image but lacks functional PoC or analysis.
This repository contains functional exploit code for CVE-2017-10271, a deserialization vulnerability in Oracle WebLogic Server. The exploit allows unauthenticated remote command execution via crafted SOAP requests targeting the WLS Security component.
This repository contains functional exploit code for CVE-2017-10271, a deserialization vulnerability in Oracle WebLogic Server's WLS-WSAT component. The exploit includes command execution with output and shell upload capabilities, targeting versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, and 12.2.1.2.0.
The repository provides a detailed technical analysis of CVE-2017-10271, including patch bypass techniques, affected versions, and a partial PoC for CVE-2017-3506. It explains the vulnerability in the WebLogic WLS component and the inadequacy of the initial patch.
This repository contains a Python-based scanner for detecting multiple WebLogic vulnerabilities, including CVE-2017-10271. It checks for the presence of vulnerabilities but does not exploit them.
This Metasploit module exploits a deserialization vulnerability in Oracle WebLogic's WLS WSAT component to achieve remote code execution. It crafts a malicious SOAP request containing a ProcessBuilder payload to execute arbitrary commands on the target system.
Nuclei Templates (1)
http.title:"oracle peoplesoft sign-in" || product:"oracle weblogic"
title="oracle peoplesoft sign-in"
References (7)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H