Notes

Exploiting OGNL Injection

Exploiting OGNL Injection

Recently during a penetration test Burp Suite reported a “Expression Language Injection” issue. Burp Suite recognizes the issue thanks to the following payload: gk6q${"zkz".toString().replace("k", "x")}doap2 The value returned was “igk6qzxzdoap2”,…
More JBOSS hacking

More JBOSS hacking

Deployed Apps Listing From jmx console use the MainDeployer agent (picture #13) direct url: [crayon-58d79ef281c01276936614/] click on revoke on java.util.Collection listDeployed() item (picture #14). Deployment Scanner [crayon-58d79ef281c0c141125867/] Shutdown From jmx…
Oracle cheat sheet

Oracle cheat sheet

to see scheduled jobs select job from USER_JOBS; to see what a job do SELECT JOB, WHAT FROM USER_JOBS WHERE JOB = job_name; to log all sys and system commands;…
Oracle Portal for Friends

Oracle Portal for Friends

Oracle 10g Application Server till 10.1.2 .1.0 remote exploiting of what described in: Testing_for_Oracle Bugtraq ID 16384 This example makes use of injection in ORASSO.HOME but these path also work:…
JBOSS application deploy via web

JBOSS application deploy via web

JBOSS is an application server/middleware that use Apache Tomcat as jsp engine; this paper explains how to deploy a custom application in order to operate (read, write, execute) with the…