Oracle WebLogic Login Panel - Detect

What is the "Oracle WebLogic Login Panel - Detect?"

The "Oracle WebLogic Login Panel - Detect" module is designed to detect the presence of the Oracle WebLogic login panel. This module focuses on identifying the login panel and does not perform any further actions. It is used to check for misconfigurations or vulnerabilities related to the Oracle WebLogic login panel.

Oracle WebLogic is a Java-based application server used for building and deploying enterprise applications. It provides a secure and scalable platform for running Java applications.

This module has an informative severity level, which means it provides valuable information but does not indicate a direct security risk.

Author: bing0o, meme-lord

Impact

This module does not have a direct impact as it only detects the presence of the Oracle WebLogic login panel. However, the presence of the login panel may indicate potential security risks or misconfigurations that need to be addressed.

How does the module work?

The module works by sending an HTTP GET request to the "/console/login/LoginForm.jsp" path of the target. It then applies two matching conditions to determine if the Oracle WebLogic login panel is present:

- The first matching condition checks if the response contains the word "WebLogic". - The second matching condition checks if the response status is 200 (OK).

If both matching conditions are met, the module reports the detection of the Oracle WebLogic login panel.

Example HTTP request:

GET /console/login/LoginForm.jsp

The module does not perform any further actions beyond detecting the login panel.