https://github.com/burpheart/CVE-2022-39197-patch
CVE-2022-39197 Vulnerability Patch.
- Host: GitHub
- URL: https://github.com/burpheart/CVE-2022-39197-patch
- Owner: burpheart
- Created: 2022-09-26T08:58:21.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2022-09-26T13:20:38.000Z (about 2 years ago)
- Last Synced: 2024-08-05T17:35:30.993Z (4 months ago)
- Topics: cobalt-strike, cobaltstrike, cve-2022-39197
- Language: Java
- Homepage:
- Size: 4.88 KB
- Stars: 314
- Watchers: 5
- Forks: 46
- Open Issues: 1
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - burpheart/CVE-2022-39197-patch - CVE-2022-39197 Vulnerability Patch. (Java)
README
# CVE-2022-39197 patch
### A temporary patch for the CVE-2022-39197 Cobalt Strike XSS vulnerability
The patch disables Swing's HTML support by hooking the isHTMLString method of javax.swing.plaf.basic.BasicHTML.
PS: Some pages that depend on HTML do not render properly (for example, the About page).
### Usage
Place patch.jar in the cobaltstrike startup directory, then add the javaagent option to the cobaltstrike startup parameters to enable the patch:
```
-javaagent:patch.jar
```
Start cobaltstrike. If it prints Successfully Patched., HTML support has been disabled.
```
====== CVE-2022-39197 patch @burpheart ======
Successfully Patched.
```