
JNDI - Vulnerability identification, cases [1-1] and [1-2]:

a guest
May 17th, 2014
  1.  @Abdelmoughite Eljoaydi
  2.      
  3.    
  4. 1-1# Exceptional class object creation/code injection behaviour :   ----------------------------------------------------------------------------------------------------------------------------------------
  5.  
  6. <script type="text/javascript">
             // Case 1-1: inline script that builds the JNDI tree, as shown in the paste.
             // The text [ MALICIOUS CODE ] is the paste author's placeholder for the
             // injected value. It stands in the same three spots where case 1-2 shows
             // the server name AdminServer.
             // NOTE(review): presumably this is the value of the server= request
             // parameter echoed back by the console - confirm against the request.
  7.        document.write('<div class="JSTree">');
  8.        setBaseDirectory('/console/utils/JStree/images/');
  9.        setTaxonomyDelimeter('.');
  10.     {
             // Root node. The value lands in argument 3, in the server= part of the
             // link in argument 4, and in argument 8, each time inside a single-quoted
             // string literal of this inline script. A value containing a quote would
             // end the literal, so the fix belongs on the server side: accept only known
             // server names, and encode the value for a JavaScript string (and
             // percent-encode it inside the link) before it is written here.
             // The last argument is false here and true in case 1-2, and no child
             // nodes follow; the meaning of that flag is not shown in the paste.
             // _a is assigned without a declaration in this listing.
  11.         _a = new TreeNode('server', null, '[ MALICIOUS CODE ]', '/console/consolejndi.portal?_nfpb=true&_pageLabel=JNDIHomePage&server=[ MALICIOUS CODE ]', 'images/spacer.gif', 'images/spacer.gif', null, '[MALICIOUS CODE]', false, false);
  12.      
             // Labels for the tree popup. The seven entries are stored under string
             // keys, so they are named properties rather than indexed array elements.
  13.      var messageCatalog = new Array(7);
  14.      messageCatalog["tree.popup.collapsenode.label"] = "Collapse Node";
  15.      messageCatalog["tree.popup.expandnode.label"] = "Expand Node";
             // NOTE(review): the # in front of the Expanded value is not valid
             // JavaScript; likely a transcription artifact in the paste - confirm
             // against the original page.
  16.      messageCatalog["tree.popup.expanded.label"] = #"Expanded";
  17.      messageCatalog["tree.popup.collapsed.label"] = "Collapsed";
  18.      messageCatalog["tree.popup.of.label"] = "of";
  19.      messageCatalog["tree.popup.selected.label"] = "Selected";
  20.      messageCatalog["tree.popup.level.label"] = "Level";
             // The root node is handed to createTree. TreeNode, createTree and the
             // set* helpers are defined elsewhere and are not part of the paste.
  21.         setHighlightedNodes( 'base' );
  22.         createTree(_a);
  23.     }
             // Closes the JSTree div opened by the first document.write call.
  24.       document.write('<\/div>');
  25.       </script>
  26.    
  27. 1-2# Normal behaviour (Valid "nodeName") :   ----------------------------------------------------------------------------------------------------------------------------------------
  28. //AdminServer : valid NodeName.
  29.    
  30.      <script type="text/javascript">
             // Case 1-2: baseline output for a valid server name, for comparison with
             // case 1-1. AdminServer fills the three spots that carry the injected
             // value in case 1-1: argument 3, the server= part of the link in
             // argument 4, and argument 8.
  31.        document.write('<div class="JSTree">');
  32.        setBaseDirectory('/console/utils/JStree/images/');
  33.        setTaxonomyDelimeter('.');
  34.      {
  35.      
  36.         // Parent Node "_a".
  37.        _a = new TreeNode('server', null, 'AdminServer', '/console/consolejndi.portal?_nfpb=true&_pageLabel=JNDIHomePage&server=AdminServer', 'images/spacer.gif', 'images/spacer.gif', null, 'AdminServer', false, true);
  38.      
             // Child of _a (passed as the second argument). In this link the server
             // name sits inside the percent-encoded JNDIContextPortlethandle value,
             // which decodes to ("__WL_GlobalJavaApp;AdminServer").
  39.         _aa = new TreeNode('__WL_GlobalJavaAppNode',_a, '__WL_GlobalJavaApp', '/console/consolejndi.portal?_pageLabel=JNDIContextPageGeneral&_nfpb=true&JNDIContextPortlethandle=com.bea.console.handles.JndiContextHandle%28%22__WL_GlobalJavaApp%3BAdminServer%22%29', 'images/spacer.gif', 'images/spacer.gif', null, '__WL_GlobalJavaApp', false, false);
  40.      
             // Second child of _a. The variable _aa is reused, so from here on it
             // refers to the ejb node. [....] looks like the paste author's elision
             // of the handle value.
  41.         _aa = new TreeNode('ejbNode',_a, 'ejb', '/console/consolejndi.portal?_pageLabel=JNDIContextPageGeneral&_nfpb=true&JNDIContextPortlethandle=[....]','images/spacer.gif',   'images/spacer.gif', null, 'ejb', false, true);
  42.      
             // Child of the ejb node (_aa is passed as the parent).
  43.         _aaa = new TreeNode('mgmtNode',_aa, 'mgmt', '/console/consolejndi.portal?_pageLabel=JNDIContextPageGeneral&_nfpb=true&JNDIContextPortlethandle=[.....]','images/spacer.gif', 'images/spacer.gif', null, 'mgmt', false, true);
             // The rest of the tree is elided by the paste author. The closing
             // document.write and the end of the script block are not shown.
  44.         [......]
  45.      }
  46.      
  47.     -----------------------------------------------------------------------------------------------------------------------------------------