Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

RichFaces exploitation toolkit

Related Vulnerabilities: CVE-2013-2165   CVE-2018-12533   CVE-2018-14667   CVE-2015-0279   CVE-2018-12532  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="20"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#21">By Date</a>
<a href="22"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="20"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#21">By Thread</a>
<a href="24"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">RichFaces exploitation toolkit</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Red Timmy Security &lt;publications () redtimmy com&gt;


<em>Date</em>: Fri, 13 Mar 2020 21:29:47 +0100


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">Hi,

</pre><tt>The RichFaces library has been vulnerable to many Java deserialization 
</tt><tt>and EL injection vulnerabilities. This infamous library is included with 
</tt><tt>many JSF web applications for providing advanced UI elements beyond the 
</tt><tt>(very limited) set that is built-in with the framework. Therefore, many 
</tt><tt>websites using JSF are vulnerable to exploitation.
</tt><pre style="margin: 0em;">
</pre><tt>Until now, the vulnerabilities had to be exploited manually. Richsploit 
</tt><tt>is a toolkit that can exploit multiple versions of RichFaces:
</tt><pre style="margin: 0em;">
RichFaces 3
3.1.0 ≤ 3.3.3   CVE-2013-2165
3.1.0 ≤ 3.3.4   CVE-2018-12533
3.1.0 ≤ 3.3.4   CVE-2018-14667
RichFaces 4
4.0.0 ≤ 4.3.2   CVE-2013-2165
4.0.0 ≤ 4.5.4   CVE-2015-0279
4.5.3 ≤ 4.5.17  CVE-2018-12532

</pre><tt>For more information, please read our blog post at: 
</tt><tt><a rel="nofollow" href="https://www.redtimmy.com/java-hacking/richsploit-one-tool-to-exploit-all-versions-of-richfaces-ever-released/">https://www.redtimmy.com/java-hacking/richsploit-one-tool-to-exploit-all-versions-of-richfaces-ever-released/</a>
</tt><pre style="margin: 0em;">
</pre><tt>The tool can be downloaded from GitHub: 
</tt><tt><a rel="nofollow" href="https://github.com/redtimmy/Richsploit">https://github.com/redtimmy/Richsploit</a>
</tt><pre style="margin: 0em;">
Regards,
Red Timmy Security

_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a></pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="20"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#21">By Date</a>
<a href="22"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="20"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#21">By Thread</a>
<a href="24"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>RichFaces exploitation toolkit</strong> <em>Red Timmy Security (Mar 13)</em>
<ul>
<li><a name="24" href="24">Oce Colorwave 500 printer - multiple vulnerabilities</a> <em>Red Timmy Security (Mar 20)</em>
</li>
</ul>
</li>
</ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started