Closed joaomatosf closed 7 years ago
JexBoss automates the exploitation of various deserialization problems, including JMXInvokerServlet (since 2013), javax.faces.ViewState (and any HTTP POST parameters), RMI, Jenkins, etc.
Link: https://github.com/joaomatosf/jexboss
Videos:
Exploiting Java Deserialization Vulnerabilities (RCE) on JSF/Seam Applications with JexBoss: https://www.youtube.com/watch?v=VaLSYzEWgVE
Exploiting JBOSS with JexBoss: https://www.youtube.com/watch?v=yI54sRqFOyI
Can you consider including it in the cheat sheet?
Thanks
I'll add it
Thanks ;D
added