module

Java Applet Reflection Type Confusion Remote Code Execution

Disclosed
01/10/2013
Created
05/30/2018

Description

This module abuses Java Reflection to generate a Type Confusion, due to a weak
access control when setting final fields on static classes, and run code outside of
the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This
exploit bypasses click-to-play throw a specially crafted JNLP file. This bypass is
applied mainly to IE, when Java Web Start can be launched automatically throw the
ActiveX control. Otherwise the applet is launched without click-to-play bypass.

Authors

Jeroen Frijtersjuan vazquez

Platform

Java,Linux,OSX,Windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/multi/browser/java_jre17_reflection_types
    msf /(s) > show actions
        ...actions...
    msf /(s) > set ACTION < action-name >
    msf /(s) > show options
        ...show and set options...
    msf /(s) > run
  
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.