WebLogic Pre-Auth RCE (CVE-2020-14882) PoC exploit

References:

1. https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
2. https://github.com/jas502n/CVE-2020-14882 (bypass patch)

CVE-2020-14882 is a pre-auth RCE vulnerability in WebLogic discovered by voidfyoo of Chaitin Security Research Lab. It is a high-impact, easy-to-exploit vulnerability.

I wrote a PoC exploit to pop up the calculator on the target server.

To-Do



I just opened an HTB account two weeks ago. As part of preparing for my OSCP certificate, I will try to write some walk-throughs for some retired machines.

🙂