WebLogic CSRF Demo

If the conditions were right, this page used a CSRF exploit to add the unprivileged user "SpongebobWasHere" to your WebLogic domain. The conditions for making it work are as follows:

The realm and authenticator names are the defaults set during domain creation.

If the exploit worked, you now have a new user in your realm.

This page was tested with Firefox 2.0.0.1 and WLS 8.1.4.

This page is a demonstration of a CSRF attack against the WebLogic console and is part of the post entitled "How to Protect Against CSRF Attacks".