Description
Versions of the JBoss Seam 2 framework < 2.2.1CR2 fails to properly sanitize inputs to some JBoss Expression Language expressions. As a result, attackers can gain remote code execution through the application server. This module leverages RCE to upload and execute a given payload.
Versions of the JBoss application server (AS) admin-console are known to be vulnerable to this exploit, without requiring authentication. Tested against JBoss AS 5 and 6, running on Linux with JDKs 6 and 7.
This module provides a more efficient method of exploitation - it does not loop to find desired Java classes and methods.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/multi/http/jboss_seam_upload_execmsf undefined(jboss_seam_upload_exec) > show actions ...actions...msf undefined(jboss_seam_upload_exec) > set ACTION < action-name >msf undefined(jboss_seam_upload_exec) > show options ...show and set options...msf undefined(jboss_seam_upload_exec) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub