CVE-2020-14882

This exploit leverages an unauthenticated RCE vulnerability in Oracle WebLogic Server 12.2.1.0 via path traversal and MVEL expression injection. It allows arbitrary command execution by sending a crafted request to the vulnerable endpoint.

The repository contains a working proof-of-concept exploit for CVE-2018-7600, a remote code execution vulnerability in Drupal. The exploit leverages the Drupalgeddon 2 vulnerability to execute arbitrary commands on vulnerable Drupal installations.

This repository provides a working proof-of-concept exploit for CVE-2020-14882, an unauthorized bypass RCE vulnerability in Oracle WebLogic Server. The exploit leverages a bypass of the patch for CVE-2020-14750 by using case manipulation in URL encoding to execute arbitrary commands via a malicious MVEL expression.

This is a functional exploit for CVE-2020-14882, targeting Oracle WebLogic Server. It leverages a deserialization vulnerability in the console component to achieve remote command execution (RCE) via crafted HTTP requests.

This PoC exploits CVE-2020-14882, a remote code execution vulnerability in Oracle WebLogic Server. It sends a crafted POST request with an MVEL expression payload to execute arbitrary commands on the target system.

This is a functional exploit for CVE-2020-14882, targeting Oracle WebLogic Server via a path traversal and deserialization vulnerability to achieve remote code execution (RCE). The script supports both command execution (WebLogic 12) and XML payload deployment (WebLogic 10).

This PoC exploits CVE-2020-14882, a path traversal vulnerability in Oracle WebLogic Server, to achieve remote code execution (RCE) via a crafted URL and payload. The exploit leverages the MVEL expression language to execute arbitrary commands on the target system.

This repository contains a multi-vulnerability scanner for various software, including exploits for CVE-2020-14882 (Oracle WebLogic). It uses DNS log checks and HTTP requests to test for vulnerabilities.

This repository contains a Python script that checks for the presence of CVE-2020-14882, a path traversal vulnerability in Oracle WebLogic Server. The script sends a crafted HTTP request to a list of targets and checks for a specific string in the response to determine vulnerability.

This PoC exploits CVE-2020-14882, an unauthenticated RCE vulnerability in Oracle WebLogic Server. It uses two different exploitation methods depending on the target version: ShellSession for versions >= 12.2.1 and FileSystemXmlApplicationContext for older versions.

This is a functional exploit for CVE-2020-14882, targeting Oracle WebLogic Server via an unauthenticated RCE vulnerability in the console component. It uses a crafted payload to execute arbitrary commands via MVEL expression injection.

This is a functional exploit for CVE-2020-14882, targeting Oracle WebLogic Server. It leverages an MVEL expression injection vulnerability to achieve remote code execution (RCE) by manipulating the console.portal endpoint.

This PoC exploits CVE-2020-14882, an unauthorized bypass RCE vulnerability in Oracle WebLogic Server. It sends a crafted POST request to execute arbitrary commands via MVEL expression injection, specifically running 'ipconfig' to verify exploitation.

This repository provides detection rules and guidance for identifying exploitation attempts of CVE-2020-14882 and CVE-2020-14750, which are unauthenticated RCE vulnerabilities in Oracle WebLogic Server. It includes Zeek scripts for monitoring and alerting on exploit attempts via GET/POST methods.

The repository contains only a README with a link to an external GitHub repository and minimal details about the vulnerability. No actual exploit code or technical analysis is provided.

This repository contains a README with images demonstrating the exploitation of CVE-2020-14882, a vulnerability in Oracle WebLogic Server. No actual exploit code is provided, only visual evidence of successful exploitation.

This PoC exploits CVE-2020-14882, a remote code execution vulnerability in Oracle WebLogic Server. It leverages a path traversal and deserialization flaw to execute arbitrary commands via a crafted POST request.

This repository provides a proof-of-concept exploit for CVE-2020-14882, demonstrating how to deploy an in-memory web shell (冰蝎) on vulnerable Oracle WebLogic Server instances. It leverages the com.tangosol.coherence.mvel2.sh.ShellSession gadget to execute arbitrary code and load a malicious JAR file via URLClassLoader.

This repository provides a proof-of-concept for CVE-2020-14882, an authentication bypass vulnerability in Oracle WebLogic Server. The exploit leverages a path traversal technique via a crafted HTTP GET request to bypass authentication and access the admin console.

This PoC exploits CVE-2020-14882, a deserialization vulnerability in Oracle WebLogic Server, to achieve remote code execution (RCE). It includes payloads for both WebLogic 12.2 and 12.1, leveraging MVEL expressions and serialized Java objects to execute arbitrary commands.

This is a Python-based exploit for CVE-2020-14882, an unauthenticated RCE vulnerability in Oracle WebLogic Server. It crafts a malicious GET request to execute arbitrary commands via MVEL expression injection.

This PoC exploits CVE-2020-14882 (unauthorized access) and CVE-2020-14883 (RCE) in Oracle WebLogic Server by leveraging path traversal and JNDI injection to achieve remote command execution. It includes interactive command execution for verified vulnerable targets.

This is a GUI-based PoC for CVE-2020-14882, an RCE vulnerability in Oracle WebLogic Server. It crafts a malicious request to exploit the deserialization flaw via the console path, allowing arbitrary command execution.

This repository contains a Bash script that exploits CVE-2020-14882, an unauthenticated remote command execution vulnerability in Oracle WebLogic. The script sends a crafted POST request to trigger the execution of 'calc.exe' via MVEL expression injection.

This Bash script tests for CVE-2020-14882, an authentication bypass in Oracle WebLogic, by sending a crafted POST request to a path traversal endpoint. It also demonstrates the associated RCE (CVE-2020-14883) by executing a curl command via MVEL expression injection.

This PoC checks for CVE-2020-14882, an RCE vulnerability in Oracle WebLogic Server. It exploits a path traversal and deserialization flaw to execute arbitrary code via a crafted HTTP request, confirming vulnerability by injecting a test string.

This Python script exploits CVE-2020-14882, a remote code execution vulnerability in Oracle WebLogic Server, by sending crafted HTTP requests to execute arbitrary commands via PowerShell and retrieve output through a temporary HTTP listener.

This PowerShell script exploits CVE-2020-14882 to achieve unauthenticated remote code execution on Oracle WebLogic Server by sending a crafted GET request. The exploit leverages a path traversal and deserialization vulnerability to execute arbitrary commands.

This is a functional exploit for CVE-2020-14882, targeting Oracle WebLogic Server. It leverages an unsafe deserialization vulnerability in the console to achieve remote code execution (RCE) via MVEL expression injection.

This repository provides a working proof-of-concept for CVE-2020-14882, a critical RCE vulnerability in Oracle WebLogic Server. The exploit leverages a path traversal and XML external entity injection to achieve remote code execution on vulnerable WebLogic instances.

This is a functional exploit for CVE-2020-14882, targeting Oracle WebLogic Server 12.2.1.0. It leverages an unauthenticated RCE vulnerability via MVEL expression injection in the console portal, allowing arbitrary command execution.

This PoC exploits CVE-2020-14882, a remote code execution vulnerability in Oracle WebLogic Server. It leverages an unsafe deserialization flaw in the console to execute arbitrary commands via MVEL expressions.

This repository contains a GUI-based exploit for CVE-2020-14882, targeting Oracle WebLogic Server. It supports reverse shell functionality and includes proxy features for enhanced usability.

This script scans for Oracle WebLogic servers vulnerable to CVE-2020-14882 by checking the version via HTTP responses. It identifies vulnerable versions but does not exploit the vulnerability.

This PoC exploits CVE-2020-14882, an RCE vulnerability in Oracle WebLogic Server, by leveraging path traversal and deserialization to execute arbitrary commands. It includes examples for launching calc.exe and a reverse shell via a malicious XML file.

This repository contains a Python-based scanner for detecting multiple WebLogic vulnerabilities, including CVE-2020-14882. It checks for the presence of vulnerabilities but does not exploit them.

This repository provides a detailed technical writeup on Active Directory Certificate Services (ADCS) exploitation techniques, specifically focusing on misconfigured certificate templates (ESC1, ESC2, ESC3, ESC4). It includes command examples, tool references, and step-by-step exploitation methods for privilege escalation in AD environments.