Refer to the content of many posts in the cloud Zone, organized the next
Weblogic
1. Write the shell to the console images directory and write to:
weblogic/wlserver_10.3/server/lib/consoleapp/webapp/framework/skins/wlsconsole/images/shell.jsp
Access:
http://www.xxoo.com:7001/console/framework/skins/wlsconsole/images/shell.jsp
2, write to the already deployed Site directory (to find the active application), first through the PWD or cmd/c dir, read./config/config.xml View the war deployment path, reference path, and so on. Write to:
oracle/middleware/user_projects/domains/application/servers/adminserver/tmp/_wl_user/Project name/random character/war/shell.jsp
Visit: HTTP://WWW.XXOO.COM:7001/Project name/shell.jsp
3, the third type: write to the Uddiexplorer directory, the default open Uddiexplorer write to:
oracle/middleware/user_projects/domains/base_domain/servers/adminserver/tmp/_wl_internal/uddiexplorer/Random character/war /shell.jsp
Visit: http://www.xxoo.com:7001/uddiexplorer/shell.jsp
4, in the development mode, the war package is placed in the Autodeploy directory, will be automatically deployed
5, to be said
JAVA commonscollections WebLogic Write shell of the deserialization vulnerability