CVE-2018-2894 – Weblogic JSP File Upload

CVE-2018-2894 – Weblogic JSP File Upload vulnerability

Oracle weblogic suffers from a trivial file upload vulnerability. Here are the steps to reproduce the vulnerability.

1) Go to
If you can’t access This means the webservice test client is disabled for your weblogic server which is a good thing.

2) Change the Work Home Dir from “/u01/oracle/user_projects/domains/base_domain/tmp/WSTestPageWorkDir” to “/u01/oracle/user_projects/domains/base_domain/servers/AdminServer/tmp/_WL_internal/bea_wls_internal/9j4dqk/war”

NOTE: The weblogic domain home directory will be different for most installations

for e.g.: In the above case our domain home directory is /u01/oracle/user_projects/domains/base_domain. Another example of a domain home directory is /u01/app/oracle/product/wls/tnt/user_projects/domains/tnt_domain/.

3) Go to Security and add a keystore file. Upload the webshell cmd.jsp as a keystore file and click the Submit button.

4) Intercept the response in Burp and note the ID 1533718460334 in the response

5) Now access your webshell at


Leave a comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: