POC详情: 342bad5aa0ffdb673767e08400e5b10a2072d775

来源
https://github.com/oppsec/pwnfaces
关联漏洞
标题: Primetek Primefaces 加密问题漏洞 (CVE-2017-1000486)
描述:Primetek Primefaces是一个开源的使用在Java EE系统中的UI库。 Primetek Primefaces 5.x版本中存在加密问题漏洞。远程攻击者可利用该漏洞执行代码。
描述
😛 Primefaces 5.X EL Injection Exploit (CVE-2017-1000486)
介绍
# 😛 pwnfaces
> Primefaces 5.X EL Injection Exploit

<div align="center">
    <img src="./assets/banner.png" width="850">
</div>

<br>

<p align="center">
    <img src="https://img.shields.io/github/license/oppsec/pwnfaces?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/issues/oppsec/pwnfaces?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/stars/oppsec/pwnfaces?color=cyan&label=STARS&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/forks/oppsec/pwnfaces?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/languages/code-size/oppsec/pwnfaces?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
</p>

___

<br>

### 🕵️ What is pwnfaces?
🕵️ **pwnfaces** is a Golang tool created to exploit the vulnerability defined as CVE-2017-1000486 (EL Injection in PrimeFaces 5.X)

<br>

### ⚡ Installing / Getting started

A quick guide of how to install and use pwnfaces.

```shell
1. go install github.com/oppsec/pwnfaces@latest
2. pwnfaces -u http://127.0.0.1:8090/javax.faces.resource/dynamiccontent.properties.xhtml
```

You can use `go install github.com/oppsec/pwnfaces@latest` to update the tool

<br><br>

### ⚙️ Pre-requisites
- [Golang](https://go.dev/dl/) installed on your machine.

<br><br>

### ✨ Features
- Extremely fast
- Low RAM and CPU usage
- Made in Golang

<br><br>

### 🔨 Contributing

A quick guide of how to contribute with the project.

```shell
1. Create a fork from pwnfaces repository.
2. Download the project with git clone https://github.com/your/pwnfaces.git
3. cd pwnfaces/
4. Make your changes.
5. Commit and make a git push.
6. Open a pull request.
```

<br><br>

### ⚠️ Warning
- The developer is not responsible for any malicious use of this tool.
文件快照

 [4.0K]  /data/pocs/342bad5aa0ffdb673767e08400e5b10a2072d775
├── [4.0K]  assets
│   └── [223K]  banner.png
├── [1.1K]  CHANGELOG.md
├── [ 233]  Dockerfile
├── [ 294]  go.mod
├── [1.9K]  go.sum
├── [1.0K]  LICENSE
├── [1.8K]  main.go
├── [1.9K]  README.md
└── [4.0K]  src
    ├── [4.0K]  interface
    │   └── [ 348]  ui.go
    └── [4.0K]  pwnfaces
        └── [6.3K]  exploit.go

4 directories, 10 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。