From 4dafc3719d064a71518c015bbb5320054615f302 Mon Sep 17 00:00:00 2001
From: nnposter
Date: Sun, 4 Dec 2016 17:50:00 +0000
Subject: [PATCH] Updates the fingerprint for WebLogic 9 to cover also versions 10 and 12
---
 CHANGELOG | 2 +-
 .../http-default-accounts-fingerprints.lua | 22 ++++++++++++++-----
 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 588810383..09a2d681e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -37,7 +37,7 @@ o [NSE] Enabled resolveall to run against any target provided as a hostname, so the resolveall.hosts script-arg is no longer required. [Daniel Miller]
 o [NSE] Updated fingerprints for script http-default-accounts with 20 new
- fingerprints. 4 fingerprints have been broadened to cover more variants.
+ fingerprints. 5 fingerprints have been broadened to cover more variants.
 [nnposter]
 o [NSE][GH#577] Script http-default-accounts now can test systems that return
diff --git a/nselib/data/http-default-accounts-fingerprints.lua b/nselib/data/http-default-accounts-fingerprints.lua
index 66a190c48..633f194e2 100644
--- a/nselib/data/http-default-accounts-fingerprints.lua
+++ b/nselib/data/http-default-accounts-fingerprints.lua
@@ -356,8 +356,8 @@ table.insert(fingerprints, {
 })
 table.insert(fingerprints, {
- -- Version 9.2
- name = "WebLogic Server Console 9.x",
+ -- Version 8.1, 9.2, 10.3.4, 10.3.6, 12.1.2
+ name = "WebLogic Server Console",
 category = "web",
 paths = {
 {path = "/console/"}
@@ -365,17 +365,29 @@ table.insert(fingerprints, {
 target_check = function (host, port, path, response)
 local loc = response.header["location"] or ""
 return response.status == 302
- and loc:find("/console/login/LoginForm%.jsp;")
+ and loc:find("/console/login/LoginForm%.jsp%f[;\0]")
 end,
 login_combos = {
- {username = "weblogic", password = "weblogic"}
+ -- WebLogic 9.x
+ {username = "weblogic", password = "weblogic"},
+ -- WebLogic 10.x, 12.x
+ {username = "weblogic", password = "weblogic1"},
+ {username = "weblogic", password = "welcome1"},
+ -- Adobe LiveCycle ES
+ {username = "weblogic", password = "password"},
+ -- PeopleSoft
+ {username = "system", password = "Passw0rd"}
 },
 login_check = function (host, port, path, user, pass)
 local req = http_post_simple(host, port, url.absolute(path, "j_security_check"), nil, {j_username=user,j_password=pass,j_character_encoding="UTF-8"})
 local loc = req.header["location"] or ""
- return req.status == 302 and loc:find("/console;")
+ -- WebLogic 8.x, 9.x
+ if req.status == 403 then return false end
+ -- WebLogic 10.x, 12.x
+ if req.status == 302 and loc:find("/console/login/LoginForm%.jsp$") then return false end
+ return true
 end
 })
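Review bot: login_check now fails open: once the two `return false` guards are passed, the closing `return true` reports the credentials as valid for every other response, including a 500, a 200 error page, an unrelated redirect, or (presumably) a failed request whose status is nil, whereas the removed line required a positive 302 match. Ending with `return req.status == 302` instead would keep non-redirect responses from being reported as working default accounts. The failure pattern is also anchored with `$`, while target_check in this hunk accepts `%f[;\0]`; if a failed login redirects to LoginForm.jsp with a `;jsessionid` suffix it would count as a success, so `loc:find("/console/login/LoginForm%.jsp%f[;\0]")` is safer there. A short comment on login_combos noting that the script now sends up to four guesses for the same account, which can trip an account-lockout policy, would help operators.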