
The check_vul method in jexboss.py isn't rigorous

Open newaynewlife opened this issue 7 years ago • 2 comments

Hi joaomatosf, when I use your tools to exploit, I find many false alarms. I was told they were all VULNERABLE, then I tried to run an automated exploitation to execute a command, but only got an error "*Error contacting the command shell. Try again later..." Then I tried to access a URL like http://xxxx.com/jmx-console/; the response status is 200 and the body is:

<!--link rel="stylesheet" href="/layout/default.css" type="text/css"-->
<html>
    <head>
        <script type="text/javascript">
window.location.href='http://xxxxxx.com/404.jsp';
</script>
    </head>
    <body>
</body>
</html>

I read the code and suspect the logic of the check_vul method in jexboss.py isn't rigorous. In check_vul, the HEAD method is used to get the response, and whether a target is judged VULNERABLE depends only on the response's status. If the status is 200 or 500, it is VULNERABLE. But my response's status is 200 and the response's body is a 404 page. So I think it's better to check the body's content to avoid the false alarm. Thank you!

newaynewlife avatar Jan 24 '17 09:01 newaynewlife
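The false positive reported above, as an added example that is not part of the original issue or of jexboss's code: a status-only verdict next to a body-aware one, run on a sample adapted from the body quoted in the issue. The names `status_only`, `body_aware` and the error-path pattern are assumptions made for illustration; a body check also needs a GET, because a HEAD response carries no body.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, adapted from the body quoted in the issue (placeholder host).
SOFT_404_BODY = """<html><head><script type="text/javascript">
window.location.href='http://xxxxxx.com/404.jsp';
</script></head><body>
</body></html>"""

JS_REDIRECT = re.compile(r"""location(?:\.href)?\s*=\s*['"]([^'"]+)['"]""")
META_URL = re.compile(r"""url\s*=\s*['"]?([^'";>\s]+)""", re.I)
# Assumption: an error page is recognisable by its last path segment.
ERROR_PATH = re.compile(r"(?:^|/)(?:404|error|not[-_]?found)[^/]*$", re.I)

class _BodyScan(HTMLParser):
    """Collects redirect targets and visible text from a response body."""
    def __init__(self):
        super().__init__()
        self.in_script, self.script, self.redirects, self.text = False, [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.in_script = True
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.redirects += META_URL.findall(a.get("content") or "")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        (self.script if self.in_script else self.text).append(data.strip())

def status_only(status):
    """The check as the issue describes it: 200 or 500 means VULNERABLE."""
    return status in (200, 500)

def body_aware(status, body):
    """Hypothetical triage helper: downgrade findings whose body is an error page."""
    if not status_only(status):
        return "not-flagged"
    scan = _BodyScan()
    scan.feed(body)
    scan.close()
    targets = scan.redirects + JS_REDIRECT.findall(" ".join(scan.script))
    if any(ERROR_PATH.search(urlparse(u).path) for u in targets):
        return "soft-404"      # flagged status, but the page redirects to an error page
    if not any(scan.text):
        return "inconclusive"  # empty body, which is what every HEAD response gives
    return "needs-review"
```
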

Hello Friend,

I'm working on an update (which will contain a new exploit and a very important new exploit vector). I will add the fix with your suggestion in this version, which should be available in a few days ...

Thank you very much for the feedback and sorry for the delay in replying to you.

joaomatosf avatar Feb 07 '17 19:02 joaomatosf

Looking forward to your update.😆

newaynewlife avatar Feb 13 '17 08:02 newaynewlife