Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE
com.supeream.CVE_2020_2555
/*
* author:Y4er.com
*
* gadget:
* BadAttributeValueExpException.readObject()
* com.tangosol.util.filter.LimitFilter.toString()
* com.tangosol.util.extractor.ChainedExtractor.extract()
* com.tangosol.util.extractor.ReflectionExtractor.extract()
* Method.invoke()
* ...
* Runtime.getRuntime.exec()
*/
This only works in JDK 8u76 and WITHOUT a security manager, because of BadAttributeValueExpException
in here:
https://github.com/JetBrains/jdk8u_jdk/commit/af2361ee2878302012214299036b3a8b4ed36974#diff-f89b1641c408b60efe29ee513b3d22ffR70
And Please replace coherence.jar
with your weblogic version, if not, you will get serialVersionUID inconsistent error.
Only test on Centos jdk8u202 Weblogic 12.2.1.4.