Hi,
The RichFaces library has been vulnerable to many Java deserialization
and EL injection vulnerabilities. This infamous library is included with
many JSF web applications for providing advanced UI elements beyond the
(very limited) set that is built-in with the framework. Therefore, many
websites using JSF are vulnerable to exploitation.
Until now, the vulnerabilities had to be exploited manually. Richsploit
is a toolkit that can exploit multiple versions of RichFaces:
RichFaces 3
3.1.0 ≤ 3.3.3 CVE-2013-2165
3.1.0 ≤ 3.3.4 CVE-2018-12533
3.1.0 ≤ 3.3.4 CVE-2018-14667
RichFaces 4
4.0.0 ≤ 4.3.2 CVE-2013-2165
4.0.0 ≤ 4.5.4 CVE-2015-0279
4.5.3 ≤ 4.5.17 CVE-2018-12532
For more information, please read our blog post at:
https://www.redtimmy.com/java-hacking/richsploit-one-tool-to-exploit-all-versions-of-richfaces-ever-released/
The tool can be downloaded from GitHub:
https://github.com/redtimmy/Richsploit
Regards,
Red Timmy Security
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
