CVE-2018-14667 PoC — RichFaces Framework 代码注入漏洞

 [4.0K]  /data/pocs/e53e771d25dd569fdf59f9902ff9871eb858a187
├── [ 34K]  LICENSE
├── [ 212]  README.md
├── [4.0K]  src
│   └── [4.6K]  Main.java
└── [4.0K]  WebContent
    ├── [4.0K]  META-INF
    │   └── [  39]  MANIFEST.MF
    └── [4.0K]  WEB-INF
        └── [4.0K]  lib
            ├── [433K]  antlr-2.7.6.jar
            ├── [534K]  antlr-3.0.jar
            ├── [184K]  commons-beanutils-1.7.0.jar
            ├── [226K]  commons-beanutils-1.8.0.jar
            ├── [546K]  commons-collections-3.1.jar
            ├── [558K]  commons-collections-3.2.jar
            ├── [143K]  commons-digester-1.8.1.jar
            ├── [140K]  commons-digester-1.8.jar
            ├── [ 37K]  commons-logging-1.0.4.jar
            ├── [ 28K]  darkX-3.3.0.GA.jar
            ├── [ 28K]  darkX-3.3.3.Final.jar
            ├── [307K]  dom4j-1.6.1.jar
            ├── [ 49K]  ejb3-persistence-1.0.2.GA.jar
            ├── [ 15K]  geronimo-jta_1.0.1B_spec-1.1.jar
            ├── [ 31K]  glassX-3.3.0.GA.jar
            ├── [ 31K]  glassX-3.3.3.Final.jar
            ├── [273K]  hibernate-annotations-3.4.0.GA.jar
            ├── [ 65K]  hibernate-commons-annotations-3.1.0.CR1.jar
            ├── [ 65K]  hibernate-commons-annotations-3.1.0.GA.jar
            ├── [2.2M]  hibernate-core-3.3.0.CR1.jar
            ├── [2.2M]  hibernate-core-3.3.2.GA.jar
            ├── [ 61K]  hibernate-validator-3.1.0.CR1.jar
            ├── [ 61K]  hibernate-validator-3.1.0.GA.jar
            ├── [616K]  hsqldb-1.8.0.2.jar
            ├── [580K]  javassist-3.8.0.GA.jar
            ├── [ 32K]  javax.el-api-1.1.2.jar
            ├── [131K]  jboss-el-1.0_02.CR2.jar
            ├── [132K]  jboss-el-1.0_02.CR4.jar
            ├── [ 16K]  jboss-seam-debug-2.1.0.SP1.jar
            ├── [ 16K]  jboss-seam-debug-2.2.0.GA.jar
            ├── [2.5K]  jboss-seam-jul-2.1.0.SP1.jar
            ├── [255K]  jboss-seam-ui-2.1.0.SP1.jar
            ├── [289K]  jboss-seam-ui-2.2.0.GA.jar
            ├── [ 91K]  jhighlight-1.0.jar
            ├── [350K]  jsf-api-1.2_11.jar
            ├── [350K]  jsf-api-1.2_12.jar
            ├── [295K]  jsf-facelets-1.1.15.B1.jar
            ├── [816K]  jsf-impl-1.2_11.jar
            ├── [816K]  jsf-impl-1.2_12.jar
            ├── [ 20K]  jstl-1.0.jar
            ├── [ 15K]  jta-1.1.jar
            ├── [ 25K]  laguna-3.3.0.GA.jar
            ├── [ 25K]  laguna-3.3.3.Final.jar
            ├── [103K]  nekohtml-0.9.5.jar
            ├── [108K]  nekohtml-1.9.6.jar
            ├── [1.0M]  org.jboss.seam-jboss-seam-2.1.0.SP1.jar
            ├── [1.1M]  org.jboss.seam-jboss-seam-2.2.0.GA.jar
            ├── [ 51K]  persistence-api-1.0.jar
            ├── [167K]  richfaces-api-3.3.0.GA.jar
            ├── [172K]  richfaces-api-3.3.3.Final.jar
            ├── [1.4M]  richfaces-impl-3.3.0.GA.jar
            ├── [1.5M]  richfaces-impl-3.3.3.Final.jar
            ├── [3.8M]  richfaces-ui-3.3.0.GA.jar
            ├── [4.2M]  richfaces-ui-3.3.3.Final.jar
            ├── [ 15K]  slf4j-api-1.4.2.jar
            ├── [7.3K]  slf4j-simple-1.4.2.jar
            ├── [125K]  stringtemplate-3.0.jar
            ├── [ 34K]  themes-3.3.3.Final.jar
            ├── [ 57K]  violetRays-3.3.3.Final.jar
            ├── [1.2M]  xercesImpl-2.9.1.jar
            ├── [107K]  xml-apis-1.0.b2.jar
            ├── [190K]  xml-apis-1.3.04.jar
            ├── [ 24K]  xpp3_min-1.1.3.4.O.jar
            └── [256K]  xstream-1.1.3.jar

5 directories, 68 files

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.