JBoss JMX Console DeploymentFileRepository WAR Upload and Deployment

This module uses the DeploymentFileRepository class in the JBoss Application Server to deploy a JSP file which then deploys an arbitrary WAR file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

JBoss Java Class DeploymentFileRepository WAR deployment

No description provided by source. $Id: jbossdeploymentfilerepository.rb 9950 2010-08-03 15:14:34Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing...

JBoss 4.2.0 WebConsole/Invoker DeploymentFileRepository 代码执行漏洞

No description provided by source...

Jboss Application Server Remote Code Execution 0day

This exploit owns almost any jboss server . This works through a unnamed INVOKER , there are million of jboss servers vuln. Note : this exploit 100% functional. THIS EXPLOIT USES A HIDDEN INVOKER IN WEB-CONSOLE, NO PERMISSION NEEDED TO EXPLOIT. THE INVOKER IS LOCATED ON :...

JBoss DeploymentFileRepository WAR Deployment

require 'msf/core' class Metasploit4 /JBoss/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initializeinfo = superupdateinfoinfo, 'Name' = 'JBoss DeploymentFileRepository WAR Deployment via JMXInvokerServlet', 'Description' = %q This module can be used to execute a payload...

JBoss DeploymentFileRepository WAR Deployment (via JMXInvokerServlet)

This module can be used to execute a payload on JBoss servers that have an exposed HTTPAdaptor's JMX Invoker exposed on the "JMXInvokerServlet". By invoking the methods provided by jboss.admin:DeploymentFileRepository a stager is deployed to finally upload the selected payload to the target. The...

JBoss 5.1.0 DeploymentFileRepository 代码执行漏洞

No description provided by source...

JBoss - Java Class DeploymentFileRepository WAR Deployment (Metasploit)

$Id: jbossdeploymentfilerepository.rb 9950 2010-08-03 15:14:34Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

JBoss应用服务器DeploymentFileRepository类目录遍历漏洞

BUGTRAQ ID: 21219 CVE ID: CVE-2006-5750 Jboss是非常流行的开源J2EE应用服务器。 JBoss应用服务器的DeploymentFileRepository类没有正确地过滤用户提供输入，通过认证的远程用户可以通过向默认监听于 8080端口上的控制台管理器提交恶意请求执行目录遍历攻击，导致读取、删除、覆盖或修改任意文件，最终可以在系统上执行任意命令。 JBoss Group JBoss Application Server 4.0.4 厂商补丁： RedHat ------...

JBoss Web Server DeploymentFileRepository class directory traversal

setBaseDir class function doesn't check base dir outside root application directory...