Penetration Testing mailing list archives

BEA Weblogic pentest
From: Dieter <dieterlot () gmail com>
Date: Thu, 22 Feb 2007 12:43:45 -0600

Hello list,

In pentesting a customer web application, I discovered a weakness: the
BEA WebLogic Server Administration console appears to be available
over the public network.  This is BEA WebLogic Server 8.1.

Do any folks have tips, suggestions, or a checklist for things to check
against this page or BEA WebLogic?  I have tried brute forcing the
login page, which will lock out the administrators, and I don't know
the usernames yet.  I have tested for default BEA passwords but
found nothing.

This PeopleSoft web application runs on WebLogic Server 8.1.

Thank you, Dieter
