Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/redtimmy/Richsploit

Exploitation toolkit for RichFaces
https://github.com/redtimmy/Richsploit

Last synced: 22 days ago
JSON representation

Exploitation toolkit for RichFaces

Host: GitHub
URL: https://github.com/redtimmy/Richsploit
Owner: redtimmy
License: mit
Created: 2020-03-06T16:05:49.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2023-11-03T12:47:19.000Z (about 1 year ago)
Last Synced: 2024-08-05T17:26:30.426Z (4 months ago)
Language: Java
Size: 18.6 MB
Stars: 101
Watchers: 3
Forks: 16
Open Issues: 7
Metadata Files:
- Readme: README.MD
- License: LICENSE.txt

Awesome Lists containing this project

awesome-hacking-lists - redtimmy/Richsploit - Exploitation toolkit for RichFaces (Java)

README

# Richsploit
Richsploit: Exploitation toolkit for RichFaces.

Overview

Richsploit can be used to exploit JSF endpoints using RichFaces. All versions from 3.1.0 and higher are vulnerable.

usage: Richsploit
-e,--exploit 0: CVE-2013-2165
1: CVE-2015-0279
2: CVE-2018-12532
3: CVE-2018-12533
4: CVE-2018-14667
-p,--payload The file containing serialized object
(CVE-2013-2165), or
Shell command to execute (all other CVE's)
-u,--url URL of richfaces application, i.e.
http://example.com/app for RF4.x and
http://example.com/app/a4j/g/3_3_3.Final for RF3.x
-v,--version Richfaces branch, either 3 or 4

For more information about how to use the tool, please see [this blog post](https://www.redtimmy.com/java-hacking/richsploit-one-tool-to-exploit-all-versions-of-richfaces-ever-released/).