If the conditions were right, this page used a CSRF exploit to add the unprivileged user "SpongebobWasHere" to your WebLogic domain. The conditions for making it work are as follows:
The realm and authenticator names are defaults during domain creation. If the exploit worked, you now have a new user in your realm.
This page was tested with Firefox 18.104.22.168 and WLS 8.1.4.
This page is a demonstration of a CSRF attack against WebLogic console and is part of the post entitled How to Protect Against CSRF Attacks