Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-1000486 PoC — Primetek Primefaces 加密问题漏洞

Source
https://github.com/oppsec/pwnfaces
Associated Vulnerability
Title:Primetek Primefaces 加密问题漏洞 (CVE-2017-1000486)
Description:Primetek Primefaces是一个开源的使用在Java EE系统中的UI库。 Primetek Primefaces 5.x版本中存在加密问题漏洞。远程攻击者可利用该漏洞执行代码。
Description
😛 Primefaces 5.X EL Injection Exploit (CVE-2017-1000486)
Readme
# 😛 pwnfaces
> Primefaces 5.X EL Injection Exploit

<div align="center">
    <img src="./assets/banner.png" width="850">
</div>

<br>

<p align="center">
    <img src="https://img.shields.io/github/license/oppsec/pwnfaces?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/issues/oppsec/pwnfaces?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/stars/oppsec/pwnfaces?color=cyan&label=STARS&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/forks/oppsec/pwnfaces?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/languages/code-size/oppsec/pwnfaces?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
</p>

___

<br>

### 🕵️ What is pwnfaces?
🕵️ **pwnfaces** is a Golang tool created to exploit the vulnerability defined as CVE-2017-1000486 (EL Injection in PrimeFaces 5.X)

<br>

### ⚡ Installing / Getting started

A quick guide of how to install and use pwnfaces.

```shell
1. go install github.com/oppsec/pwnfaces@latest
2. pwnfaces -u http://127.0.0.1:8090/javax.faces.resource/dynamiccontent.properties.xhtml
```

You can use `go install github.com/oppsec/pwnfaces@latest` to update the tool

<br><br>

### ⚙️ Pre-requisites
- [Golang](https://go.dev/dl/) installed on your machine.

<br><br>

### ✨ Features
- Extremely fast
- Low RAM and CPU usage
- Made in Golang

<br><br>

### 🔨 Contributing

A quick guide of how to contribute with the project.

```shell
1. Create a fork from pwnfaces repository.
2. Download the project with git clone https://github.com/your/pwnfaces.git
3. cd pwnfaces/
4. Make your changes.
5. Commit and make a git push.
6. Open a pull request.
```

<br><br>

### ⚠️ Warning
- The developer is not responsible for any malicious use of this tool.
File Snapshot

 [4.0K]  /data/pocs/342bad5aa0ffdb673767e08400e5b10a2072d775
├── [4.0K]  assets
│   └── [223K]  banner.png
├── [1.1K]  CHANGELOG.md
├── [ 233]  Dockerfile
├── [ 294]  go.mod
├── [1.9K]  go.sum
├── [1.0K]  LICENSE
├── [1.8K]  main.go
├── [1.9K]  README.md
└── [4.0K]  src
    ├── [4.0K]  interface
    │   └── [ 348]  ui.go
    └── [4.0K]  pwnfaces
        └── [6.3K]  exploit.go

4 directories, 10 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.