CVE-2017-1000486

This Metasploit module exploits CVE-2017-1000486, a remote code execution vulnerability in Primefaces JSF framework due to weak encryption and default credentials. It crafts an encrypted payload using DES encryption and sends it via HTTP POST to execute arbitrary commands.

This repository contains a functional exploit for CVE-2017-1000486, targeting Primefaces <= 5.2.21, 5.3.8, or 6.0. The exploit leverages a padding oracle attack to achieve remote code execution via weak cryptographic implementation in the Primefaces JSF framework.

This repository contains a functional Go-based exploit for CVE-2017-1000486, targeting EL Injection in PrimeFaces 5.X. The tool automates the exploitation process, allowing command execution via crafted HTTP requests.

This repository contains a functional exploit for CVE-2017-1000486, an EL injection vulnerability in PrimeFaces 5.x that allows remote code execution. The exploit leverages JavaScript execution via the JavaScript engine bundled with the Java VM to achieve RCE.

This repository contains a functional exploit for CVE-2017-1000486, targeting a PrimeFaces EL injection vulnerability. It includes a Python script and a Perl script (padBuster) to retrieve the PrimeFaces secret via a Padding Oracle attack and execute arbitrary commands using crafted EL expressions.

This repository provides a detailed technical analysis of CVE-2017-1000486, a remote code execution vulnerability in PrimeFaces, specifically targeting the dynamiccontent.properties.xhtml endpoint. It includes a walkthrough of exploitation steps, references to existing exploits, and mitigation recommendations.

This repository contains a functional exploit for CVE-2017-1000486, an EL injection vulnerability in PrimeFaces 5.x. The exploit leverages JavaScript payloads to achieve remote code execution (RCE) by manipulating the `pfdrid` parameter in HTTP requests, with results returned in HTTP response headers.

This repository contains a Dockerfile for setting up a vulnerable Tomcat 7 environment but lacks actual exploit code or technical details about CVE-2017-1000486. It references external sources without providing a functional PoC.

This repository contains a functional Go-based exploit for CVE-2017-1000486, targeting EL Injection in PrimeFaces 5.X. The tool crafts malicious requests to achieve remote code execution (RCE) on vulnerable systems.

This Metasploit module exploits a Java Expression Language (EL) injection vulnerability in Primefaces due to weak encryption, allowing remote code execution via crafted payloads. It leverages a padding oracle attack to bypass encryption and execute arbitrary commands.