酷帥王子'blog-

重大利好:最新降糖药司美格鲁肽进入医保和门特...

curl忽律ssl请求https

RichFaces exploitation toolkit

2022-1-20 23:29 作者:酷帥王子 | 黑盒网络渗透测试 | 

Hi,
The RichFaces library has been vulnerable to many Java deserialization and EL injection vulnerabilities. This infamous library is included with many JSF web applications for providing advanced UI elements beyond the (very limited) set that is built-in with the framework. Therefore, many websites using JSF are vulnerable to exploitation. 

Until now, the vulnerabilities had to be exploited manually. Richsploit is a toolkit that can exploit multiple versions of RichFaces: 

RichFaces 3
3.1.0 ≤ 3.3.3   CVE-2013-2165
3.1.0 ≤ 3.3.4   CVE-2018-12533
3.1.0 ≤ 3.3.4   CVE-2018-14667
RichFaces 4
4.0.0 ≤ 4.3.2   CVE-2013-2165
4.0.0 ≤ 4.5.4   CVE-2015-0279
4.5.3 ≤ 4.5.17  CVE-2018-12532



For more information, please read our blog post at: https://www.redtimmy.com/java-hacking/richsploit-one-tool-to-exploit-all-versions-of-richfaces-ever-released/ 


The tool can be downloaded from GitHub: https://github.com/redtimmy/Richsploit 

Regards,
Red Timmy Security

		


		
重大利好:最新降糖药司美格鲁肽进入医保和门特...

		
			
			 
curl忽律ssl请求https

		


	
	
	

	
	 
	
	
	
	文章作者:酷帥王子
文章地址:https://www.2k8.org:443/post-311.html
版权所有 © 转载时必须以链接形式注明作者和原始出处!
	


				    

		

	

		
		
发表评论:

		

			
						

				
				
			

			

				
				
			

			

				
				
			

						

			
 

			
		

	

	

	
	













    

        
Links:
                    中测联盟uncia导航中测联盟乌云镜像搜索版中测联盟乌云镜像原版中测联盟乌云知识库世界0day买卖平台糖尿病医学网








 Powered by 酷帥王子

 CopyRight © 2009-2016 酷帥王子'blog.  All rights reserved.