Java Statement.invoke() Trusted Method Chain Exploit
This Metasploit module exploits a vulnerability in Java Runtime Environment that allows an untrusted method to run in a privileged context. The vulnerability affects version 6 prior to update 19 and...
View ArticleJava RMIConnectionImpl Deserialization Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in the Java Runtime Environment that allows to deserialize a MarshalledObject containing a custom classloader under a privileged context. The...
View ArticleSun Java Web Start BasicServiceImpl Remote Code Execution Exploit
This Metasploit module exploits a vulnerability in Java Runtime Environment that allows an attacker to escape the Java Sandbox. By injecting a parameter into a javaws call within the BasicServiceImpl...
View ArticleJava Applet ProviderSkeleton Insecure Invoke Method
This Metasploit module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java...
View ArticleIPass Control Pipe Remote Command Execution
This Metasploit module exploits a vulnerability in the IPass Client service. This service provides a named pipe which can be accessed by the user group BUILTIN\Users. This pipe can be abused to force...
View ArticleApache Flex BlazeDS 4.7.0 XML Entity Expansion
When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations allows expanding of entities to local resources. A request that included a specially crafted...
View ArticleApache Qpid Untrusted Input Deserialization
When applications call getObject() on a consumed JMS ObjectMessage they are subject to the behaviour of any object deserialization during the process of constructing the body to return. Unless the...
View ArticleJenkins CLI HTTP Java Deserialization
This Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins, which allows remote arbitrary code execution via HTTP. Authentication is not required to...
View ArticleApache Struts 2 Forced Multi OGNL Evaluation
The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will...
View Article