AT&T Authentication Bypass and Remote Code Execution


V-spot pentesters were able to identify a critical vulnerability in AT&T’s server. This discovery highlights the urgent need for continuous vigilance in the cybersecurity field. If left unaddressed, this flaw could allow unauthorized access, leading to a range of serious security issues.

Vulnerable Website Overview

The vulnerability was identified on an AT&T server management website, where an Authentication Bypass on WebLogic Server Version 10.3.6.0 could lead to Remote Code Execution (RCE).

What’s the Issue?

The core issue lies in the ability to bypass authentication, allowing unauthorized access to sensitive server functions. Once inside, a potential attacker can change server configurations or run malicious code.

How Can This Be Exploited?

The exploitation of this vulnerability is alarmingly simple. Here’s a step-by-step breakdown:

  1. Open the Site: Navigate to the vulnerable website that is running WebLogic Server Version 10.3.6.0.
  2. Bypass Authentication: By directing our browser to /console/images/%252E%252E%252Fconsole.portal?_nfpb=true&_pageLabel=HomePage1, we can bypass the main login.
  3. Navigate Admin Panel: Once in, we can move between tabs in the admin panel by copying a button link and changing http to https.
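
The request in step 2 leaves a recognizable trace in web server access logs. The following is an added example, not code from the original post: a Python sketch that flags requests under /console/ whose path only reveals a ".." segment after percent-decoding. The log lines, the log format and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 3120
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /console/images/%252E%252E%252Fconsole.portal?_nfpb=true&_pageLabel=HomePage1 HTTP/1.1" 200 48211
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /console/css/%2e%2e%2fconsole.portal HTTP/1.1" 404 0
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /console/images/logo.png HTTP/1.1" 200 900
198.51.100.4 - - [01/Jan/2024:10:01:02 +0000] "GET /app/report%2520name.pdf HTTP/1.1" 200 10
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(path, max_rounds=5):
    """Percent-decode until the string stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def find_encoded_traversal(log_text, prefix="/console/"):
    """Return requests under `prefix` whose '..' segment was hidden by encoding."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        raw_path = urlsplit(target).path
        decoded, rounds = fully_decode(raw_path)
        # A literal '..' path segment after decoding means traversal was encoded.
        has_dotdot = ".." in decoded.replace("\\", "/").split("/")
        if raw_path.startswith(prefix) and has_dotdot and rounds >= 1:
            # A 2xx status means the server served content: triage these first.
            hits.append({"client": client, "path": raw_path,
                         "decode_rounds": rounds, "status": int(status)})
    return hits

if __name__ == "__main__":
    for hit in find_encoded_traversal(SAMPLE_LOG):
        print(hit)
```

A hit with decode_rounds of 2 or more and a 200 status matches the double-encoded request described above and should be treated as a likely successful bypass.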

What’s the Impact?

The implications of this vulnerability are extensive:

  • Server Configuration Changes: Unauthorized users can alter server settings.
  • Remote Code Execution: Malicious code can be run via a WLST script using existing CVE PoCs for WebLogic Server.
  • Sensitive Data Disclosure: This version of the WebLogic Server is vulnerable to certain exploits, leading to unauthorized access and the potential exposure of sensitive data.
