Skip to content

Major Release - GlassFish support, Coldfusion updates, etc.
Compare
Choose a tag to compare
@hatRiot hatRiot released this 14 Sep 21:06
· 14 commits to master since this release
0.4
0f04a49

Added Oracle Glassfish, Coldfusion 5.x support, and Railo RCE/LFI modules.

Features

  • Oracle Glassfish now supported; this includes versions 3.0, 3.1, and 4.x Not all functions are supported for the platform yet, as it's kind of a crappy platform, but it's still in progress. Early support stable.
  • Platform-specific flags no longer included in the default help output. This was primarily done to improve help readability and prevent overflowing the user with potentially irrelevant information.
  • The --aux-list and --deployer-list flags now support a platform argument to print only platform-specific modules. All platforms/modules may still be printed by not providing an argument.
  • Significant modules added for Railo; pre-authentication LFI and pre-authentication RCE added.
  • Another post-authentication deployer (log_injection.py) added for Railo.
  • ColdFusion 5 fingerprint and support added

Enhancements

  • Payload invocation now tied to --timeout.
  • Coldfusion 6 now fully supported in all modules.

Bugs

  • Issue #25 revealed three separate bugs in JBoss invokes. All have now been patched.
  • Added Axis2 output for failed/already deployed payloads.
  • Fixed a bug with incorrectly invoking JBoss 7.0+ payloads.
Assets 2
Loading