Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-1000129 PoC — Jolokia agent 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-1000129.yaml
Associated Vulnerability
Title:Jolokia agent 跨站脚本漏洞 (CVE-2018-1000129)
Description:Jolokia是一个利用JSON通过Http实现JMX远程管理的开源项目,它提供JMX批量操作、安全策略等。Jolokia agent是其中的一个代理。 Jolokia agent 1.3.7版本中的HTTP servlet存在跨站脚本漏洞。远程攻击者可利用该漏洞在用户浏览器中执行恶意的JavaScript代码。
Description
Jolokia 1.3.7 is vulnerable to cross-site scripting in the HTTP servlet and allows an attacker to execute malicious JavaScript in the victim's browser.
File Snapshot

 id: CVE-2018-1000129

info:
  name: Jolokia 1.3.7 - Cross-Site Scripting
  author: mavericknerd,0h1i

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.