Notes

Exploiting OGNL Injection

Exploiting OGNL Injection

Recently during a penetration test Burp Suite reported a “Expression Language Injection” issue. Burp Suite recognizes the issue thanks to the following payload: gk6q${"zkz".toString().replace("k", "x")}doap2 The value returned was “igk6qzxzdoap2”,…
More JBOSS hacking

More JBOSS hacking

Deployed Apps Listing From jmx console use the MainDeployer agent (picture #13) direct url: [crayon-5c129e544c98e833004016/] click on revoke on java.util.Collection listDeployed() item (picture #14). Deployment Scanner [crayon-5c129e544c993372249825/] Shutdown From jmx…