Apache Jetspeed Arbitrary File Upload
This module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, version 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file upload clobbered the web interface beyond repair. No workaround has been found yet. Use this module at your own risk. No check will be implemented.
Authors:
- Andreas Lindh
- wvu <wvu [at] metasploit.com>

Targets:
- Apache Jetspeed <= 2.3.0 (Linux)
- Apache Jetspeed <= 2.3.0 (Windows)
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
    msf > use exploit/multi/http/apache_jetspeed_file_upload
    msf exploit(apache_jetspeed_file_upload) > show targets
        ...targets...
    msf exploit(apache_jetspeed_file_upload) > set TARGET <target-id>
    msf exploit(apache_jetspeed_file_upload) > show options
        ...show and set options...
    msf exploit(apache_jetspeed_file_upload) > exploit
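
A ZIP path traversal of the kind named in the description happens when an extractor joins archive entry names to a destination directory without checking where the result lands. The check below is an added example, not code from Jetspeed or from the Metasploit module; it is written in Python, and the destination path and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile

# Hypothetical extraction root, for illustration only.
DEST = "/srv/portal/import"

def resolve_entry(dest, entry_name):
    """Return the normalized target path, or None if it leaves dest."""
    name = entry_name.replace("\\", "/")   # treat Windows separators alike
    if name.startswith("/") or name[1:2] == ":":
        return None                         # absolute path or drive letter
    target = posixpath.normpath(posixpath.join(dest, name))
    root = dest.rstrip("/")
    # Compare against root + "/" so a sibling such as "import2" does not pass.
    if target != root and not target.startswith(root + "/"):
        return None                         # ".." climbed above dest
    return target

def audit_zip(zip_bytes, dest=DEST):
    """Split archive entries into (accepted targets, rejected names)."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_entry(dest, info.filename)
            if target is None:
                rejected.append(info.filename.replace("\\", "/"))
            else:
                accepted.append(target)
    return accepted, rejected

def build_sample():
    """Constructed sample archive holding harmless text entries only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("portal/readme.txt", "ok")
        zf.writestr("portal/../notes.txt", "ok")      # still inside dest
        zf.writestr("../../outside.txt", "x")
        zf.writestr("..\\..\\outside2.txt", "x")
        zf.writestr("/abs/outside3.txt", "x")
        zf.writestr("../import2/outside4.txt", "x")   # sibling-prefix case
    return buf.getvalue()

if __name__ == "__main__":
    ok, bad = audit_zip(build_sample())
    print("accepted:", ok)
    print("rejected:", bad)
```

An upload handler using this policy would refuse the whole archive when the rejected list is non-empty, rather than extracting the entries that passed.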