Proof-of-concept exploit for the PrimeFaces 5.x EL injection vulnerability (CVE-2017-1000486), which can be used to gain remote code execution (RCE) on a target.
You can find an excellent description of the vulnerability on the Minded Security blog.
The exploit provides a help function that prints all important parameters.
The exploit provides a simple test mode (-t parameter) that can be used to verify whether a target is actually vulnerable. This works by sending the following EL expression to the target, which adds an additional header field to the HTTP response. The header is then checked by the exploit:
The exploit provides two example payloads:
- payload.js (Execute an OS command)
- sleep.js (Sleep for 4 seconds, causing a delay of the response)
Please note that none of these examples will provide you with the output of the command.