
A weblogic deserialization vulnerability scanning detection method and tool

A vulnerability scanning and deserialization technology, which is applied in the fields of instruments, calculations, and electrical digital data processing, etc., can solve problems such as being vulnerable to attacks, and achieve the effects of reducing manual intervention and facilitating installation and use

Active Publication Date: 2018-10-26
STATE GRID CHONGQING ELECTRIC POWER CO ELECTRIC POWER RES INST +2

AI Technical Summary

Problems solved by technology

Similarly, maintaining this type of middleware faces more and more challenges. Customers' core and key systems are deployed on the Weblogic platform. Once serious vulnerabilities or emergency failures occur, these systems are vulnerable to attacks, and if the problems cannot be resolved in time, the consequences will be unimaginable.
Comparable tools available on the Internet, WebLogic_EXP for example, can only perform functions such as vulnerability verification and command execution against one target.


Examples


Embodiment 1

[0098] As shown in Figures 1-3, the Weblogic deserialization vulnerability scanning detection method provided in this embodiment includes the following steps:

[0099] S1: Obtain the document to be detected;

[0100] S2: Start the Weblogic deserialization vulnerability scanning detection tool;

[0101] S3: Scan the document to be detected for vulnerabilities;

[0102] S4: Determine whether the document to be detected has a vulnerability, and if so, output the vulnerability information of the host;

[0103] S5: If not, return to the step to continue scanning until the end of scanning.

[0104] The method also includes the following steps:

[0105] S61: Perform vulnerability verification on the document to be detected;

[0106] S62: Judge whether the connection to the document to be detected succeeds; if not, end;

[0107] S63: If successful, execute the command and display the result;

[0108] S64: Judge whether to end the verification process; if not, return to the step t...

Embodiment 2

[0180] As shown in Figure 2, the Weblogic deserialization vulnerability scanning detection method provided in this embodiment is used for vulnerability scanning and vulnerability verification. First, the main function and entry point of the Weblogic deserialization vulnerability scanning detection tool program is called; then the main interface of the tool is initialized and the buttons on the main interface are generated; next, either the thread of the vulnerability scanning module or the thread of the vulnerability verification module is selected; the tool then connects to the server and registers the function, executes the command function, and finally releases the connection function. Weblogic deserialization vulnerability scanning detection supports multi-host address and multi-port vulnerability scanning. Friendly interface, low requirements for personnel ability, suitable for any pe...

Embodiment 3

[0204] This embodiment takes as its example a scan of a target server with the tool built for Weblogic deserialization vulnerability scanning detection.

[0205] 1. Vulnerability scanning

[0206] (1) Double-click "run.bat" to start the self-developed weblogic_unserialize_tool tool and select the "Vulnerability Scanning" module;

[0207] (2) Enter the scanning address range and port range, and set the scanning thread, for example: the address range is "192.168.56.101,192.168.56.102", the port range is "7000-7010", and the thread is set to 5;

[0208] (3) Click the "Scan" button to scan, and the tool will display the scanning progress and the host information with vulnerabilities;

[0209] 2. Vulnerability verification

[0210] (1) Select the "vulnerability verification" module, enter the target host information, and select the operating system, for example: the target host IP is "192.168.56.102", the port is "7001", and the operating system is "Windows";

[0211] (2) ...
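The multi-host, multi-port, multi-thread scan loop from the "Vulnerability scanning" steps above, as an added Python sketch that is not the patented tool's code. The function names are hypothetical, and `tcp_open` is only a TCP reachability probe standing in for the tool's own vulnerability check, which the page does not describe.

```python
import socket
from concurrent.futures import ThreadPoolExecutor
from ipaddress import ip_address


def parse_hosts(spec):
    """Comma-separated addresses, e.g. "192.168.56.101,192.168.56.102"."""
    # ip_address() rejects anything that is not a literal IP, so a typo
    # cannot silently widen the scan to an unintended name.
    return [str(ip_address(h.strip())) for h in spec.split(",") if h.strip()]


def parse_ports(spec):
    """Port range "7000-7010" (inclusive) or a single port "7001"."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not (0 < lo <= hi <= 65535):
        raise ValueError(f"bad port range: {spec!r}")
    return list(range(lo, hi + 1))


def tcp_open(host, port, timeout=1.0):
    """Stand-in check (assumption): True if a TCP connection succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(host_spec, port_spec, threads=5, check=tcp_open):
    """Run `check` over every host/port pair with a bounded worker pool."""
    targets = [(h, p) for h in parse_hosts(host_spec)
               for p in parse_ports(port_spec)]
    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = pool.map(lambda t: check(*t), targets)
        # Keep only the pairs the check flagged, in input order.
        return [t for t, hit in zip(targets, results) if hit]


if __name__ == "__main__":
    # Constructed demo: a local listener plays the part of an in-scope server.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    port = srv.getsockname()[1]
    print(scan("127.0.0.1", f"{port}-{port}"))
    srv.close()
```

With the embodiment's inputs (two addresses, ports 7000-7010, 5 threads) the pool works through 22 host/port pairs; bounding the worker count keeps the load on production middleware predictable.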


Abstract

The invention discloses a Weblogic deserialization vulnerability scanning detection method and device. The method comprises the following steps: first, obtaining a document to be detected; starting the Weblogic deserialization vulnerability scanning detection tool; carrying out vulnerability scanning on the document to be detected; and finally judging whether the document to be detected has a vulnerability. If it does, the vulnerability information of the host is output; if it does not, the method returns to continue scanning until scanning is finished. The Weblogic deserialization vulnerability scanning detection method provided by the invention carries out vulnerability scanning and verification, on the basis of the Java deserialization vulnerability, on a server on which Weblogic is deployed, so that real-time search, reliability, speed, and convenient installation and use can be achieved. Scanning can be carried out to verify whether the server on which Weblogic is deployed has a Java deserialization vulnerability or not, and the server can be utilized, so that simplicity and high efficiency are provided, manual intervention is reduced, an automatic diagnosis function is realized, and support is provided for system security.

Description

Technical field

[0001] The invention relates to the fields of information security and web page architecture, in particular to a Weblogic deserialization vulnerability scanning detection method.

Background

[0002] WebLogic is a middleware based on the Java EE architecture. It is a Java application server for developing, integrating, deploying and managing large-scale distributed Web applications, network applications and database applications. It brings the dynamic functions of Java and the security of the Java Enterprise standard into the development, integration, deployment and management of large-scale network applications. Weblogic is widely used in telecommunications, finance, electricity, aviation, government and other industries.

[0003] Java serialization converts objects into byte streams for easy storage in memory, files, and databases; deserialization is the reverse process, which restores objects from byte streams. If the Java application deserial...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/57
CPC: G06F21/577, G06F2221/033
Inventor: 朱珠韩世海张森张伟雷娟景钰文杨峰赵长松
Owner: STATE GRID CHONGQING ELECTRIC POWER CO ELECTRIC POWER RES INST