CVE-2009-1088

Hannon Hill Cascade Server 5.7 - Authenticated Remote Code Execution via XSLT Stylesheet

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1088. PoCs published by Emory University.

AI-analyzed exploit summary This exploit leverages XSLT extension functions in Hannon Hill Cascade Server to execute arbitrary Java code, enabling command execution with the privileges of the Cascade Server process. The PoC demonstrates how an attacker with access to edit XSLT stylesheets can run shell commands via the java.lang.Runtime class.

Description

Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Emory University · textwebappscgi

https://www.exploit-db.com/exploits/8247

View Code ZIP pw:eip

This exploit leverages XSLT extension functions in Hannon Hill Cascade Server to execute arbitrary Java code, enabling command execution with the privileges of the Cascade Server process. The PoC demonstrates how an attacker with access to edit XSLT stylesheets can run shell commands via the java.lang.Runtime class.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Hannon Hill Cascade Server (all versions)

Auth required

Prerequisites: Access to an unprivileged account with XSLT editing privileges · Ability to create or modify stylesheets, blocks, and pages

MITRE ATT&CK