Weblogic Remote Command Execution Vulnerability

As per the FoundStone Inc. advisory on this topic which is attached in full later in this entry:

" Assume that there is an application on the WebLogic server that writes user entered data to a file called "temp.txt".

Given below is JHTML/JSP code that will print "Hello World":

<java>out.println("Hello World");</java> (JHTML) -or-
<% out.println("Hello World"); %> (JSP)

If this code is somehow inserted in the file "temp.txt" via an application, then the following can be used to invoke forced compilation and execution of "temp.txt":

http://weblogic.site/*.jhtml/path/to/temp.txt (JHTML)
-or-

http://weblogic.site/*.jsp/path/to/temp.txt "


 

Privacy Statement
Copyright 2010, SecurityFocus