Method and device for automatically detecting Weblogic known loophole

An automatic vulnerability detection technology, applied in electrical components, transmission systems, etc. It addresses the problems that the vulnerabilities affect user security and the availability, confidentiality and integrity of data, and that the server has no method for checking for them. Its effect is to reduce manual detection and improve work efficiency.

Inactive Publication Date: 2018-11-06
ZHENGZHOU YUNHAI INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

An attacker could exploit this vulnerability to take control of the component, affecting the availability, confidentiality, and integrity of data.
[0008] The above-mentioned vulnerabilities seriously affect the security of users, and current servers have no active method for checking for them.


Embodiment

[0040] As shown in Figure 1, an embodiment of the present invention is a method for automatically detecting known vulnerabilities in WebLogic. The method includes:

[0041] S1: Find the WebLogic server to be detected.

[0042] This step can be implemented in two main ways: by entering the IP address and port, or by using Shodan.

[0043] Enter the IP address and port in one of the following two ways:

[0044] Method 1: Enter the IP address and port of the WebLogic server to be detected.

[0045] Method 2: Input a file ip.txt. The file ip.txt contains one or more IP addresses and ports, and each IP address and port corresponds to one WebLogic server.
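
An added example (not part of the patent) of validating the ip.txt input from Method 2 before any detection step runs, so that only well-formed, authorized targets are passed on. The one-entry-per-line `IP:port` format, the allow-list of authorized networks and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumed ip.txt format (not specified on the page): one "IP:port" per line,
# IPv6 written as "[addr]:port", blank lines and "#" comments ignored.
SAMPLE_IP_TXT = """\
# constructed sample targets
192.0.2.10:7001
192.0.2.10:7001
198.51.100.7:7002
[2001:db8::5]:7001
192.0.2.300:7001
203.0.113.9:70000
weblogic.example:7001
"""

# Constructed allow-list: networks the operator is authorized to assess.
AUTHORIZED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]

def parse_target(line):
    """Return (ip_address, port) or raise ValueError for a malformed entry."""
    host, sep, port = line.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError("expected IP:port")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    ip = ipaddress.ip_address(host)  # raises ValueError on hostnames and bad IPs
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    return ip, int(port)

def load_targets(text, authorized=AUTHORIZED):
    """Split ip.txt content into in-scope targets, out-of-scope targets and rejects."""
    in_scope, out_of_scope, rejected = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            target = parse_target(line)
        except ValueError as exc:
            rejected.append((lineno, line, str(exc)))
            continue
        bucket = in_scope if any(target[0] in net for net in authorized) else out_of_scope
        if target not in bucket:  # drop duplicate entries
            bucket.append(target)
    return in_scope, out_of_scope, rejected
```

Only the `in_scope` list should reach the later detection steps; the other two lists are for the operator to review.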

[0046] The Shodan approach works as follows: use Shodan to search for WebLogic. Shodan's URL is https://www.shodan.io/. Shodan is a search engine, but unlike Google, which searches URLs, Shodan searches for online devices in cyberspace,...


Abstract

The invention provides a method for automatically detecting known WebLogic vulnerabilities. The method comprises the following steps: S1, finding the WebLogic server to be detected; S2, sending an HTTP request and judging whether the default management platform exists; if it exists, loading a dictionary of common user names and a dictionary of weak passwords, brute-forcing the account, and judging whether the login succeeded according to the length of the returned data packet; if it does not exist, proceeding directly to step S3; S3, sending an HTTP request and using the public PoC to detect whether the CVE-2017-10271 vulnerability exists; and S4, sending an HTTP request and using the public PoC to detect whether the CVE-2018-2628 vulnerability exists. With the method provided by the invention, three vulnerabilities (management back-end weak password, CVE-2017-10271, and CVE-2018-2628) can currently be detected, so the security of the WebLogic server can be checked more comprehensively. The invention further provides a device for automatically detecting known WebLogic vulnerabilities.

Description

Technical field

[0001] The invention relates to the technical field of software security, and more specifically, to a method and device for automatically detecting known vulnerabilities in WebLogic.

Background

[0002] WebLogic is an application server produced by Oracle Corporation in the United States. To be precise, it is middleware based on the Java EE architecture, developed in pure Java. WebLogic is a Java application server for developing, integrating, deploying and managing large-scale distributed Web applications, network applications and database applications. It brings the dynamic functions of Java and the security of the Java Enterprise standard to the development, integration, deployment and management of such applications. WebLogic fully complies with the J2EE 1.4 specification.

[0003] WebLogic has a variety of features and advantages required to develop and deploy mission-critical e-commerce Web application systems, including high scalability, rapid develop...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1433, H04L67/02, H04L69/162
Inventor: 陈栋
Owner: ZHENGZHOU YUNHAI INFORMATION TECH CO LTD