CVE-2020-2883

This repository contains functional exploit code for CVE-2020-2883, a deserialization vulnerability in WebLogic. It includes detailed technical analysis, proof-of-concept code for Java deserialization attacks, and memory shell injection techniques.

This repository contains a functional exploit for CVE-2020-2883, a deserialization vulnerability in Oracle WebLogic Server. The exploit leverages a crafted PriorityQueue with a ChainedExtractor to achieve remote code execution (RCE) by manipulating serialized objects.

This repository contains functional exploit code for CVE-2020-2883, a deserialization vulnerability in Oracle WebLogic. It includes two distinct gadget chains (Gadget1 and Gadget2) that leverage Java deserialization to achieve remote code execution (RCE) via crafted payloads.

This repository contains functional exploit code for CVE-2020-2883, a deserialization vulnerability in Oracle WebLogic Server. It includes two distinct gadget chains leveraging PriorityQueue and Tangosol extractors to achieve remote code execution (RCE) via crafted T3 protocol payloads.

This repository contains a functional exploit for CVE-2020-2883, a deserialization vulnerability in Oracle Coherence. The exploit sends a crafted T3 protocol payload to achieve remote code execution (RCE) on vulnerable Oracle Coherence servers.

This repository contains a functional exploit PoC for CVE-2020-2883, leveraging Java deserialization vulnerabilities in Oracle WebLogic Server. The exploit uses crafted gadget chains (e.g., BadAttributeValueExpException, PriorityQueue) to achieve remote code execution (RCE) via reflection and method invocation.

The repository contains only a minimal README with a CVE reference and version compatibility notes, lacking any exploit code or technical details.

This repository contains functional exploit code for CVE-2020-2551, a WebLogic IIOP deserialization vulnerability. The PoC includes Java-based exploit code that leverages RMI to achieve remote code execution on vulnerable WebLogic servers.

This repository contains a Python-based scanner for detecting multiple WebLogic vulnerabilities, including CVE-2020-2883. It checks for the presence of vulnerable modules but does not include exploit code for achieving remote code execution or other offensive actions.

This Metasploit module exploits a Java deserialization vulnerability (CVE-2020-2883) in Oracle WebLogic Server by sending a malicious serialized `BadAttributeValueExpException` object over the T3 protocol. It achieves unauthenticated remote code execution by leveraging an `ExtractorComparator` to trigger arbitrary method invocation.