Monday 6 April 2015

Exploiting JBoss Seam 2 File Upload Vulnerability POC


This post is a POC for vulnerability CVE-2010-1871. The vulnerability was identified back in 2010, and there are already a few articles on the internet explaining how it can be exploited manually. In this post we are going to see the POC of this exploit using the MSF tool.

This is exploitable on Linux systems running the JBoss Seam 2 framework < 2.2.1CR2 with Java.

This vulnerability was initially ranked as medium, but since Metasploit released a new exploit for it today, it is very easy for an adversary with little knowledge to exploit it, so it should be reported as high risk when you are conducting a vulnerability test for your clients.

Reconnaissance:

The Google dork to find an online JBoss console is allinurl:"/admin-console/login.seam"



Exploitation:

Update your MSF exploit code manually if the exploit is not already present.





Since this application is running under user 'root', I am able to read the system password file.
  
Recommendation:

  1. Update JBoss https://rhn.redhat.com/errata/RHSA-2010-0564.html
  2. Don't run JBoss under user 'root'.
  3. Block unnecessary ports on the firewall, so it rejects connection back to the adversary.
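
A check for recommendation 2, as an added example that is not part of the original post: the script reads a process listing and reports JBoss JVMs owned by root. The function names, the sample listing and the java/jboss matching heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag JBoss JVMs owned by root (recommendation 2).
# Expected input: one process per line as "user pid command line...",
# e.g. from: ps -e -o user= -o pid= -o args=

# Print "pid user" for each root-owned process whose command line looks
# like a JBoss JVM. Assumption: it mentions both "java" and "jboss".
find_root_jboss() {
    awk '{
        user = $1; pid = $2; cmd = ""
        for (i = 3; i <= NF; i++) cmd = cmd " " $i   # rebuild command line
        lc = tolower(cmd)
        # ps may print a numeric uid instead of a name, so accept "0" too.
        if ((user == "root" || user == "0") && lc ~ /java/ && lc ~ /jboss/)
            print pid, user
    }'
}

# Constructed sample input, not taken from a real host.
sample_ps() {
    cat <<'EOF'
root    1201 /usr/bin/java -server -classpath /opt/jboss/bin/run.jar org.jboss.Main -b 0.0.0.0
jboss   2310 /usr/bin/java -classpath /opt/jboss/bin/run.jar org.jboss.Main -c default
root    3001 /usr/sbin/sshd -D
tomcat  4100 /usr/bin/java -classpath /opt/tomcat/bin/bootstrap.jar org.apache.catalina.startup.Bootstrap start
EOF
}

# "live" audits this host; anything else runs the constructed sample.
audit() {
    if [ "${1:-}" = "live" ]; then
        ps -e -o user= -o pid= -o args= | find_root_jboss
    else
        sample_ps | find_root_jboss
    fi
}

audit "${1:-sample}"
```

Run it with the argument `live` on the application server; any output line is a JBoss process that should be moved to an unprivileged service account.
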
Reference:

http://www.rapid7.com/db/modules/exploit/multi/http/jboss_seam_upload_exec
