Oracle WebLogic Application Security


This article explains how to exploit Oracle WebLogic for remote code execution by using valid credentials. It’s useful during black-box security audits, pentests, and infrastructure audits, including automated vulnerability scanning. To set up an example playground, we will use the following docker container: docker run -p7001:7001 –name weblogic –rm vulhub/weblogic: Again, we need to have management rights & access to the administrator console (/console web endpoint) to cause remote code execution in Oracle WebLogic. In…