Oracle WebLogic Server Administration Console Handle Remote Code Execution

Posted by deepcore on November 20, 2020 – 9:25 pm

This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic’s Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against 12.2.1.3.0 from Vulhub (Linux) and on Windows. Warning! Multiple sessions may be created by exploiting this vuln.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [local] Zortam Mp3 Media Studio 27.60 – Remote Code Execution (SEH) Sokrates SOWA SowaSQL Cross Site Scripting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Oracle WebLogic Server Administration Console Handle Remote Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL