Home page logo
/

nmap-dev logo Nmap Development mailing list archives

[NSE] jboss-vuln-cve2010-0738.nse
From: Tiago Natel de Moura <tiago4orion () gmail com>
Date: Sat, 16 Jun 2012 00:39:39 -0300

Hi list, this is just a script that I created to exploit the CVE-2010-0738
of JBoss.

description = [[
JBoss Enterprise Application Platform is prone to multiple vulnerabilities,
including an information-disclosure issue and multiple
 authentication-bypass
issues. An attacker can exploit these issues to bypass certain security
restrictions to obtain sensitive information or gain unauthorized access
to the application.
this script will attempt to exploit one of these vulnerabilities and get a
reverse shell on the target machine.

This exploit is a rewrite to NSE of the Kingcope's perl exploit (
daytona_bsh.pl).

More information:
http://www.exploit-db.com/exploits/16274/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0738
http://www.securityfocus.com/bid/39710
]]

source:
https://github.com/tiago4orion/nmap-scripts/blob/master/jboss-vuln-cve2010-0738.nse

Here is a sample output:
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache Tomcat/Coyote JSP engine 1.1 (Tomcat 5.5)
| jboss-vuln-cve2010-0738:
|   VULNERABLE:
|   JBoss Application Server Remote Exploit
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2010-0738
|     Description:
|       JBoss Enterprise Application Platform is prone to multiple
|       vulnerabilities, including an information-disclosure issue
|       and multiple  authentication-bypass issues. An attacker can
|       exploit these issues to bypass certain security restrictions
|       to obtain sensitive information or gain unauthorized access
|       to the application.
|
|     Disclosure date: 2010-04-26
|     Extra information:
|       EXPLOIT SUCCESSFULL, REVERSE SHELL AT <reverse_host>:<reverse_port>
|     References:
|       http://www.exploit-db.com/exploits/16274/
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0738
|_      http://www.securityfocus.com/bid/39710


Cheers.
[]'s

-- 

Tiago Natel de Moura
Consultor de Segurança da Informação
http://www.linkedin.com/in/tiagonatel
http://www.secplus.com.br/
http://github.com/tiago4orion
http://code.google.com/p/bugsec

Attachment: jboss-vuln-cve2010-0738.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]