module
JBoss Seam 2 File Upload and Execute
| Disclosed | Created |
|---|---|
| Aug 5, 2010 | May 30, 2018 |
Disclosed
Aug 5, 2010
Created
May 30, 2018
Description
Versions of the JBoss Seam 2 framework sanitize inputs to some JBoss Expression Language expressions. As a
result, attackers can gain remote code execution through the
application server. This module leverages RCE to upload and execute
a given payload.
Versions of the JBoss application server (AS) admin-console are
known to be vulnerable to this exploit, without requiring authentication.
Tested against JBoss AS 5 and 6, running on Linux with JDKs 6 and 7.
This module provides a more efficient method of exploitation - it
does not loop to find desired Java classes and methods.
result, attackers can gain remote code execution through the
application server. This module leverages RCE to upload and execute
a given payload.
Versions of the JBoss application server (AS) admin-console are
known to be vulnerable to this exploit, without requiring authentication.
Tested against JBoss AS 5 and 6, running on Linux with JDKs 6 and 7.
This module provides a more efficient method of exploitation - it
does not loop to find desired Java classes and methods.
Author
vulp1n3 [email protected]
Platform
Java
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.