Full Disclosure mailing list archives
RichFaces exploitation toolkit
From: Red Timmy Security <publications () redtimmy com>
Date: Fri, 13 Mar 2020 21:29:47 +0100
Hi,The RichFaces library has been vulnerable to many Java deserialization and EL injection vulnerabilities. This infamous library is included with many JSF web applications for providing advanced UI elements beyond the (very limited) set that is built-in with the framework. Therefore, many websites using JSF are vulnerable to exploitation.
Until now, the vulnerabilities had to be exploited manually. Richsploit is a toolkit that can exploit multiple versions of RichFaces:
RichFaces 3 3.1.0 ≤ 3.3.3 CVE-2013-2165 3.1.0 ≤ 3.3.4 CVE-2018-12533 3.1.0 ≤ 3.3.4 CVE-2018-14667 RichFaces 4 4.0.0 ≤ 4.3.2 CVE-2013-2165 4.0.0 ≤ 4.5.4 CVE-2015-0279 4.5.3 ≤ 4.5.17 CVE-2018-12532For more information, please read our blog post at: https://www.redtimmy.com/java-hacking/richsploit-one-tool-to-exploit-all-versions-of-richfaces-ever-released/
The tool can be downloaded from GitHub: https://github.com/redtimmy/Richsploit
Regards, Red Timmy Security _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- RichFaces exploitation toolkit Red Timmy Security (Mar 13)
- Oce Colorwave 500 printer - multiple vulnerabilities Red Timmy Security (Mar 20)
