Hacking Book | Free Online Hacking Learning


jboss remote code execution vulnerability

Posted by bassolino at 2020-02-27

JBoss default configuration will have a background vulnerability, which occurs in jboss.deployment namespace

The Addurl () function in, which can download a war package remotely and extract it

Click flavor = URL, type = deploymentscanner to enter

Write the URL address of the war compressed file webshell in the input box, as shown in the figure above