
Thread: JBoss Default Authentication

  1. #1

    JBoss Default Authentication

    I was working on an application and found an interesting Google query while looking for an exploitation technique; maybe this is not new for you.
    The default configuration of JBoss does not restrict access to the console and web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

    There you get thousands of results. Click on any of the links
    and you will gain access to the backend application.

    http://www.google.com.au/search?q=inurl:inspectMBean

  2. #2
    Awesome find bro
    The three great essentials to achieve anything worth while are: Hard work, Stick-to-itiveness, and Common sense. - Thomas A. Edison

  3. #3
    great research bro

  4. #4
    Similarly this will also help:

    inurl:jmx-console/HtmlAdaptor

  5. #5
    JBOSS also has persistent XSS
    For examples check the following:

    http://app.airtel.in/jmx-console//Ht...loymentScanner

  6. #6
    Another Apache Tomcat dork
    Code:
    http://www.google.com/#sclient=psy&hl=en&q=intitle:Example+JSP++inurl%3A%2Fjsp-examples%2F&aq=f&aqi=&aql=&oq=&gs_rfai=&psj=1&fp=83f87efc6f926f13
    Vinnu bro, where did you add the redirect string :?

  7. #7
    Well, I did it because a few months back Airtel said that its web portals are unhackable; it was an open challenge for all hackers.

    A JSP shell can be easily loaded on it.

    At the same place where we can specify the URL for the JSP WAR application, we can also inject scripts into it.

    You can do it in the addURL() text box. JBoss has persistent XSS.

    ..."vinnu"

  8. #8
    fb1h2s (Security Researcher)
    Similarly, you could also use Shodan, as servers with JBoss installed respond with the "jboss" string.
    Hacking Is a Matter of Time Knowledge and Patience

  9. #9
    the_empty (InfoSec Consultant)
    As I recall, there was an auth bypass vulnerability as well, wherein an attacker could use "PUT" instead of "GET" and get access.

    Also, there is a paper which provides good insight on how that can be exploited further. Thanks to FB1 (for old times' sake, I hope it reminds him of something)...

    http://www.nruns.com/_downloads/Whit...-a-Browser.pdf


    Regards,
    the_empty
    ACCESS is GOD
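
A defender-side check for the unrestricted default described in post #1 and the method-based bypass recalled in post #9, as an added example that is not part of the thread or JBoss's own code: it audits a console WAR's `WEB-INF/web.xml` for a missing (or commented-out) `security-constraint` and for `http-method` entries that leave other verbs unprotected. The function name and the sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _name(elem):
    # Strip any XML namespace so DTD-era and schema-based descriptors both match.
    return elem.tag.rsplit("}", 1)[-1]

def audit_web_xml(xml_text):
    """Return findings for a management console's web.xml (empty list = OK)."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    constraints = [e for e in root.iter() if _name(e) == "security-constraint"]
    if not constraints:
        return ["no active security-constraint: console needs no authentication"]
    findings, covered = [], False
    for sc in constraints:
        items = [(_name(e), (e.text or "").strip()) for e in sc.iter()]
        if ("url-pattern", "/*") not in items:
            continue
        covered = True
        methods = [text for name, text in items if name == "http-method"]
        if methods:
            # A constraint that lists methods protects only those methods.
            findings.append("http-method limits constraint to %s: "
                            "other verbs are unprotected" % ",".join(methods))
        if not any(name == "auth-constraint" for name, _ in items):
            findings.append("constraint on /* has no auth-constraint")
    if not covered:
        findings.append("no security-constraint covers /*")
    return findings

# Constructed sample descriptors (assumed role name), not from a real deployment.
COMMENTED_OUT = """<web-app>
  <!-- <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint> -->
</web-app>"""
VERB_LIMITED = """<web-app><security-constraint>
  <web-resource-collection>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
</security-constraint></web-app>"""
HARDENED = VERB_LIMITED.replace(
    "    <http-method>GET</http-method><http-method>POST</http-method>\n", "")

if __name__ == "__main__":
    for label, doc in [("commented out", COMMENTED_OUT),
                       ("verb limited", VERB_LIMITED), ("hardened", HARDENED)]:
        print(label, "->", audit_web_xml(doc) or "OK")
```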
