從 Web Log 學習系統漏洞 7

Oracle WebLogic Server 的遠端命令執行漏洞, 藉由發出假的HTTP請求來取得伺服器管理權限

212.174.162.170 - - [08/Apr/2018:19:34:20 +0800] "PROPFIND / HTTP/1.1" 405 236
212.174.162.170 - - [08/Apr/2018:19:34:20 +0800] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 404 226
201.159.135.113 - - [08/Apr/2018:19:38:50 +0800] "PROPFIND / HTTP/1.1" 405 236
201.159.135.113 - - [08/Apr/2018:19:38:51 +0800] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 404 226
85.21.233.164 - - [08/Apr/2018:22:46:55 +0800] "CONNECT api.ipify.org:443 HTTP/1.1" 405 235
112.66.108.27 - - [08/Apr/2018:22:50:45 +0800] "GET /currentsetting.htm HTTP/1.1" 404 216
177.35.179.149 - - [09/Apr/2018:17:51:45 +0800] "GET /cgi/common.cgi HTTP/1.1" 404 212
177.35.179.149 - - [09/Apr/2018:17:51:48 +0800] "GET /stssys.htm HTTP/1.1" 404 208
177.35.179.149 - - [09/Apr/2018:17:51:51 +0800] "GET / HTTP/1.1" 200 1692
177.35.179.149 - - [09/Apr/2018:17:51:54 +0800] "POST /command.php HTTP/1.1" 404 209
41.32.152.137 - - [09/Apr/2018:20:24:05 +0800] "PROPFIND / HTTP/1.1" 405 236
41.32.152.137 - - [09/Apr/2018:20:24:05 +0800] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 404 226
87.197.162.138 - - [09/Apr/2018:22:46:06 +0800] "GET / HTTP/1.0" 200 1692
211.23.154.138 - - [10/Apr/2018:08:46:56 +0800] "GET / HTTP/1.1" 200 1692
186.166.129.1 - - [10/Apr/2018:11:12:10 +0800] "PROPFIND / HTTP/1.1" 405 236
186.166.129.1 - - [10/Apr/2018:11:12:11 +0800] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 404 226
192.95.31.55 - - [10/Apr/2018:12:14:32 +0800] "GET /.git/config HTTP/1.0" 404 209
216.10.247.173 - - [10/Apr/2018:13:06:12 +0800] "GET / HTTP/1.1" 200 1692
216.10.247.173 - - [10/Apr/2018:13:06:12 +0800] "GET /HNAP1/ HTTP/1.1" 404 204