Full title: Jboss Application Server Remote Code Execution 0day 
Category: web applications
Platform: multiple
This exploit owns almost any jboss server . This works through a unnamed  INVOKER , there are million of jboss servers vuln.

Note : this exploit 100% functional.

THIS EXPLOIT USES A HIDDEN INVOKER IN WEB-CONSOLE, NO PERMISSION NEEDED TO EXPLOIT.
 
THE INVOKER IS LOCATED ON : http://xxxxx.com/web-console/Invoker
 
allow to invoke jboss.admin:service=DeploymentFileRepository without permissions.
 
that means can we execute code or write files on the remote server.

# 0day.today @ http://0day.today/