Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Add Exploit: Oracle Application Testing Suite WebLogic Server Administration Console War Deployment #11846
This module abuses a feature in Oracle Application Testing Suite WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Authentication is required, however by default, Oracle ships with a "oats" account that you could log in with, which grants you administrator access.
The following is the exact setup I used to test and analyze the vulnerability:
For installation instructions, please refer to the Oracle Application Testing Suite Installation Guide.