all InfoSec news
JNDI-Injection-Exploit - A Tool Which Generates JNDI Links Can Start Several Servers To Exploit JNDI Injection Vulnerability
Feb. 25, 2022, 11:30 a.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server. RMI server and LDAP server are based on marshals and modified further to link with HTTP server.
Using this tool allows you get JNDI links, you can insert these links into your POC to test vulnerability.
For example, this is a Fastjson vul-poc:
{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://127.0.0.1:1099/Object","autoCommit":true}
We can replace "rmi://127.0.0.1:1099/Object" with the link generated by JNDI-Injection-Exploit to test vulnerability.
Disclaimer
All …
exploit injection jndi links servers start tool vulnerability vulnerable application
More from www.kitploit.com / KitPloit - PenTest Tools!
Jobs in InfoSec / Cybersecurity
Cybersecurity Skills Challenge -- Sponsored by DoD
@ Correlation One | United States
Security Operations Center (SOC) Analyst
@ GK Cybersecurity Group | Remote
Azure Security Architect
@ First Quality | Remote US - Eastern or Central Timezone
Senior Security Engineer
@ LRQA | Birmingham, GB, B37 7ES
Product Security Intern
@ Sinch | Chicago, Illinois, United States
Cyber Support Engineer
@ Darktrace | New York