Proof of Concept: CVE-2018-2894 Oracle WebLogic RCE
A recent unauthenticated remote code execution (RCE) vulnerability in Oracle WebLogic Server was submitted to Detectify Crowdsource. It is easily exploited, and this video shows the proof of concept.
We’ve now automated a security test for the CVE-2018-2894 Oracle WebLogic RCE in the Detectify web security scanner.