This tool can be used to exploit vulnerable versions of RichFaces. It has payloads for 4 vulnerabilities that have been identified, which can lead to remote code execution via java deserialization and EL injection.
648af6bc429ca530648d01005b86d127e64fe5a21538da847835939211cb2f63
Richfaces version 3.x suffers from a remote code execution vulnerability.
5dfbb32d43674a8fbcf00a8b17109c6edc2aa21bc7c6922d64c36ba5c89fcce7
Red Hat Security Advisory 2018-3581-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This asynchronous patch is a security update for the RichFaces package in standalone versions of Red Hat JBoss BRMS 5.3.1. Issues addressed include a code execution vulnerability.
f7369141e3c8f354bc5d5866d630ec080bd6112fae215fde5811e98e1830d7cb
Red Hat Security Advisory 2018-3519-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss SOA Platform 5.3.1. Issues addressed include a code execution vulnerability.
77c3116fd25fb2be3da1c55cc7fe5509a4c599cd5c8189a6c1fc9e5c55766c8e
Red Hat Security Advisory 2018-3518-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
ac8bf2c688d4777e473c034aebe746ff9c216a93cdc11d6723447e51a35e58bb
Red Hat Security Advisory 2018-3517-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
663f8e8218e5c255e7ccfa37e54ee2894185be388adca7b633fb7e7bf7035c9b