Skip to content
/ CVE-2017-1000486 Public

Remote Code Execution exploit for PrimeFaces 5.x - EL Injection (CVE-2017-1000486)

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

LongWayHomie/CVE-2017-1000486

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

README.md

README.md

 
 

payload.js

payload.js

 
 

primefaces.py

primefaces.py

 
 

requirements.txt

requirements.txt

 
 

sleep.js

sleep.js

 
 

Repository files navigation

CVE-2017-1000486

Remote Code Execution exploit for PrimeFaces 5.x - EL Injection (CVE-2017-1000486)

This is basically the same exploit made by Mogwailabs, but edited to work in closed environments without access to the internet or with blocked firewall outbound traffic. It gives you results in HTTP response header, so in case you're trying doing blind RCEwith old exploit - not anymore.

Usage

python3 primefaces.py -t vulnapp.com id

Feel free to edit vuln_point variable for exact endpoint.

About

Remote Code Execution exploit for PrimeFaces 5.x - EL Injection (CVE-2017-1000486)

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages