| To: | Dieter <dieterlot@gmail.com> |
|---|---|
| Subject: | Re: BEA Weblogic pentest |
| From: | Dio Pol <diopollon@gmail.com> |
| Date: | Mon, 26 Feb 2007 13:04:26 +0100 |
| Cc: | pen-test@securityfocus.com |

It's a good idea to read the documentation from "site:bea.com" (could be
useful to find some interesting data...)
and take a look at http://dev2dev.bea.com/advisoriesnotifications/ too.

cheers,
dio spaventapassere

Dieter wrote:
> Hello list,
>
> In pentesting a customer web application, I discovered a weakness: the BEA WebLogic Server Administration console appears to be available over the public network. This is BEA WebLogic Server 8.1.
>
> Do any folks have tips, suggestions, or a checklist for things to check against this page or BEA WebLogic? I have tried brute forcing the login page which will lock out the administrators, and I don't know the usernames yet. I have tested for default BEA passwords but nothing.
>
> This PeopleSoft web application runs on WebLogic Server 8.1.
>
> Thank you,
> Dieter