This exploit dynamically creates an applet via the Msf::Exploit::Java mixin, converts it to a .jar file, then signs the .jar with a dynamically created certificate containing values of your choosing. This is presented to the end user via a web page with an applet tag, loading the signed applet. The user's JVM pops a dialog asking if they trust the signed applet and displays the values chosen. Once the user clicks 'accept', the applet executes with full user permissions. The java payload used in this exploit is derived from Stephen Fewer's and HDM's payload created for the CVE-2008-5353 java deserialization exploit. This Metasploit module requires the rjb rubygem, the JDK, and the $JAVA_HOME variable to be set. If these dependencies are not present, the exploit falls back to a static, signed JAR.
0day.today (was: 1337day, Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Packet Storm Security Headlines (20 unread)
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution
