Re: BEA Weblogic pentest

From: Dio Pol (diopollon@gmail.com)
Date: Mon Feb 26 2007 - 07:04:26 EST


It's a good idea to read the documentation from "site:bea.com" (could be
useful to find some interesting data...)
and take a look at http://dev2dev.bea.com/advisoriesnotifications/ too.

cheers,
dio spaventapassere

Dieter wrote:
> Hello list,
>
> In pentesting a customer web application, I discovered a weakness:
> the BEA WebLogic Server Administration console appears to be available
> over the public network. This is BEA WebLogic Server 8.1.
>
> Do any folks have tips, suggestions, or checklists for things to check
> against this page or BEA WebLogic? I have tried brute forcing the
> login page which will lock out the administrators, and I don't know
> the usernames yet. I have tested for default BEA passwords but
> nothing.
>
> This PeopleSoft web application runs on WebLogic Server 8.1.
>
> Thank you, Dieter




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:36 EDT