Exploit for Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion (CVE-2017-1000028)

Description:

Oracle GlassFish Server Open Source Edition 4.1 is affected by both authenticated and unauthenticated local file inclusion vulnerabilities, which can be exploited by issuing specially crafted HTTP GET requests.

Nuclei Template

View the template here: CVE-2017-1000028.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2017/CVE-2017-1000028.yaml

References:

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904
https://www.exploit-db.com/exploits/45196
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822
https://nvd.nist.gov/vuln/detail/CVE-2017-1000028