CVE-2024-21181 Plugin #570
|
||
### Oracle Library | ||
|
||
The plugin needs the `wlclient.jar` library from Oracle WebLogic to communicate with the Oracle WebLogic server, but since it's proprietary software we can't include it in the repo. |
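Review bot: the Oracle Library section states that `wlclient.jar` is required but, in the lines shown, gives no instruction on where to place the jar or how to rebuild the plugin with it, and does not say what the plugin does when the jar is absent. Suggest adding the expected location or build step and one sentence on the behaviour without the library, so that a scan operator can tell a missing dependency apart from a negative detection result.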
Is the jar still needed with the current implementation?
Hi @maoning, yes, it is still required for the detection to work. Without it, the plugin will still compile (so as not to disrupt the setup process), but it will exit early with a warning during the detection phase asking the user to recompile it with the Oracle library. Note that the warning is only printed AFTER fingerprinting, if a target is actually confirmed to be Weblogic, so it won't appear during scans on unrelated software.
Pushed a new version which does not use any Oracle libraries. The protocol was reverse-engineered and the network communications between the detector and the WebLogic server are all handled internally now.
Hello,
here is the detector for Weblogic CVE-2024-21181. The issue is detected via a DNS callback, hence the Tsunami Callback Server needs to be set up in order to receive a DNS query properly.
You can find the testbed here: google/security-testbeds#102