This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic’s Administration Console to execute code as the WebLogic user. Versions,,,, and are known to be affected. Tested against from Vulhub (Linux) and on Windows. Warning! Multiple sessions may be created by exploiting this vuln.

Leave a comment