You can read the WAR, CLASS, XML(config.xml) and LOG(logs\WeblogicServer.log) files through this vulnerability.
The web.xml of wl_management_internal2 defined two servlets, FileDistributionServlet and BootstrapServlet. I downloaded the weblogic.jar file with the mentioned attack and decompiled the FileDistributionServlet.class:
The FileDistributionServlet had the following interesting function:
After the investigating the function, I constructed the following HTTP POST request:
This is simple as that. The prerequisite of this exploit is the default weblogic/weblogic account.
This is what I call real hacking!
;)
![ubuntu 16.04 源碼安裝httpd和php[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)