[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Jboss Application Server Remote Code Execution 0day

[ 0Day-ID-20044 ]
Full title
Jboss Application Server Remote Code Execution 0day [ Highlight ]
Highlight - is paid service, that can help to get more visitors to your material.

Price: 10
Date add
Category
Platform
Verified
Price
 
0.005 BTC

 
500 USD
Risk
[
Security Risk Critical
]
Rel. releases
Description
This exploit owns almost any jboss server . This works through a unnamed INVOKER , there are million of jboss servers vuln.

Note : this exploit 100% functional.

THIS EXPLOIT USES A HIDDEN INVOKER IN WEB-CONSOLE, NO PERMISSION NEEDED TO EXPLOIT.

THE INVOKER IS LOCATED ON : http://xxxxx.com/web-console/Invoker

allow to invoke jboss.admin:service=DeploymentFileRepository without permissions.

that means can we execute code or write files on the remote server.
Vendor
http://www.jboss.org
Affected ver
4.0.2, 4.2.2 , 4.2.1 , 4.0.*,4.2.*
Solution
no patch , no fix.
Prooves Information
Video proof
Proof imgs
Other Information
Abuses
0
Comments
3
Views
27 746
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks! Please, beware of scammers!
Please login or register to buy exploit.
OR
Buy incognito
19
1
Verified by 0day Admin
Verified by 0day Admin
This material is checked by Administration and absolutely workable.
Learn more about    GOLD:
0day.today Gold is the currency of 0day.today project and is denoted on this site as such image: . It used for paying for the services, buying exploits, earning money, etc
We accept:
BitCoin (BTC)
You can pay us via BTC
LiteCoin (LTC)
You can pay us via LTC
Ethereum (ETH)
You can pay us via ETH

Author
BL
29
Exploits
2
Readers
6
[ Comments: 3 ]
Terms of use of comments:
  • Users are forbidden to exchange personal contact details
  • Haggle on other sites\projects is forbidden
  • Reselling is forbidden
Punishment: permanent block of user account with all Gold.

Login or register to leave comments