CVE-2013-1488 PoC — Oracle Java 任意代码执行漏洞

Source

https://github.com/v-p-b/buherablog-cve-2013-1488

Associated Vulnerability

Title:Oracle Java 任意代码执行漏洞 (CVE-2013-1488)
Description:Oracle Java 7是Java 的下一个版本，也是SUN被oracle收购以后的第一个Java版本。 Oracle Java 7 Update 17版本以及其他版本中存在漏洞。通过包含的未明反映的向量，远程攻击者利用该漏洞执行任意代码。

Description

PoC Java exploit based on http://www.contextis.com/research/blog/java-pwn2own/

Readme

Java Pwn2Own exploit - CVE-2013-1488
====================================

Proof-of-Concept exploit by [axt](http://axtaxt.wordpress.com) based on the [writeup by James Forshaw](http://www.contextis.com/research/blog/java-pwn2own/)

Affects JRE versions before 7u21

File Snapshot


 [4.0K]  /data/pocs/c85f99a440a1245de751f38409d6c4ad3ee22658
├── [ 266]  README.md
└── [4.0K]  src
    ├── [1.5K]  FakeDriver1.java
    ├── [2.2K]  FakeDriver2.java
    ├── [1.3K]  MainApplet.java
    └── [4.0K]  META-INF
        └── [4.0K]  services
            ├── [  43]  java.lang.Object
            └── [  23]  java.sql.Driver

3 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!