CORE IMPACT v9 - Exploits Update (Fri Sep 25 2009)
JOnAS Remote Command Injection Exploit
Exploits/Client Side [Windows]
Fri Sep 25 2009
This module exploits an XSS vulnerability in JOnAS that allows IMPACT Pro to perform remote command injection by impersonating an administrator and uploading a plugin to the JOnAS server. The module runs a web server that waits for a JOnAS administrator to connect to it. When the client connects, the module retrieves their JOnAS cookie and tries to install an agent on the JOnAS server by installing a custom plugin in JOnAS.
Exploits Vulnerability: NOCVE-9999-36877











