CVE-2017-1000028 PoC — Oracle GlassFish Server Open Source Edition 路径遍历漏洞

Source

https://github.com/NeonNOXX/CVE-2017-1000028

Associated Vulnerability

Title:Oracle GlassFish Server Open Source Edition 路径遍历漏洞 (CVE-2017-1000028)
Description:Oracle GlassFish Server Open Source Edition是美国甲骨文（Oracle）公司的一套开源版本的用于构建Java EE（服务器端Java应用程序）的服务器。 Oracle GlassFish Server Open Source Edition 4.1版本中存在目录遍历漏洞。攻击者可借助特制的HTTP GET请求利用该漏洞访问敏感数据。

Description

POC&EXP for GlassFish<4.1.1(not including 4.1.1).

Readme

# CVE-2017-1000028
POC&amp;EXP for GlassFish&lt;4.1.1(not including 4.1.1).

Param:
-u:For single url but without outputing the /etc/passwd.
-ut:For single url but with outputing the /etc/passwd.
-f:Read url from the url.txt and prove it if the url is vulnerable.
-c:This must be used with the parameter "-u",like:python3 CVE-2017-1000028.py -u http://xxx.xxx.xxx.xxx:4848 -c /etc/hello.txt.

Running under Python3.

I'm too bad at coding...so don't curse me when you using this shit....i'm still working on better= =!.

File Snapshot


 [4.0K]  /data/pocs/3a01d223706eb7e732dfedb8905720d23b945e18
├── [5.2K]  cve-2017-1000028.py
├── [ 520]  README.md
└── [  23]  url.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!