Timeline for Unrestricted File Upload on JBoss
Current License: CC BY-SA 3.0
25 events
| when | what | action | by | license | comment |
|---|---|---|---|---|---|
| May 12, 2017 at 9:44 | comment | added | eckes | | I don't see a way to get this executed if it is in a fixed directory and without a user-specified extension. The only thing is you could place JavaScript in there and get it sourced from the same domain. |
| May 12, 2017 at 8:58 | history | bumped | CommunityBot | | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. |
| Apr 12, 2017 at 9:34 | comment | added | niilzon | | Even if you upload your shell (I guess a jsp or a war file) where you want, unless you manage to overwrite a file, you probably won't be able to use it since it won't be mapped or loaded (a jsp would not be mapped to any URL, a war would not be deployed unless autoDeploy was set to true, if you are lucky!). |
| Apr 12, 2017 at 8:57 | history | bumped | CommunityBot | | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. |
| Mar 13, 2017 at 5:58 | history | bumped | CommunityBot | | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. |
| Feb 11, 2017 at 4:06 | answer | added | Douglas Daseeco | | timeline score: 1 |
| Jan 19, 2017 at 16:46 | history | tweeted | twitter.com/StackSecurity/status/822123108232556548 | | |
| Jan 17, 2017 at 16:00 | comment | added | wireghoul | | This doesn't look exploitable via jsp file upload based on the information provided. |
| Jan 17, 2017 at 10:30 | history | edited | aress31 | CC BY-SA 3.0 | typo |
| Jan 17, 2017 at 10:22 | history | edited | aress31 | CC BY-SA 3.0 | typo |
| Jan 17, 2017 at 9:45 | history | edited | aress31 | CC BY-SA 3.0 | added 5 characters in body |
| Jan 17, 2017 at 9:27 | comment | added | aress31 | | @wireghoul I just added more information to my question; hope it helps. |
| Jan 17, 2017 at 9:26 | history | edited | aress31 | CC BY-SA 3.0 | More details |
| Jan 17, 2017 at 0:04 | comment | added | wireghoul | | You might want to add the request/response for the uploaded file, but from the URL I'd guess there is a database blob retrieval happening, not a file written to disk. Otherwise you may be able to upload a .htaccess webshell. |
| Jan 16, 2017 at 22:37 | history | edited | aress31 | CC BY-SA 3.0 | improved language |
| Jan 16, 2017 at 21:58 | comment | added | aress31 | | I have no idea where it maps on the OS. I am carrying out a pentest; I only have access to the web application, I have no visibility on the server/OS. |
| Jan 16, 2017 at 21:43 | history | edited | aress31 | CC BY-SA 3.0 | more details |
| Jan 16, 2017 at 21:40 | comment | added | Steve Sether | | Where does the uploaded file map to on the OS? You're only specifying the external URL. Also, have you tried specifying the previous directory for the filename? i.e. ../MyFile? |
| Jan 16, 2017 at 21:34 | comment | added | Herringbone Cat | | In that case my question becomes, "my problem is that the file I upload will always be stored in whatever.com/something/avatar/2." Why can't it be named something.com.war? |
| Jan 16, 2017 at 21:32 | comment | added | aress31 | | I only have access to a deployed web app. |
| Jan 16, 2017 at 21:30 | comment | added | Herringbone Cat | | Do you only have access to a deployed war/webapp or do you have access to the JMX console? |
| Jan 16, 2017 at 21:25 | history | edited | aress31 | CC BY-SA 3.0 | added 11 characters in body |
| Jan 16, 2017 at 21:16 | review | First posts | | | Jan 16, 2017 at 21:37 |
| Jan 16, 2017 at 21:13 | history | edited | aress31 | CC BY-SA 3.0 | edited body |
| Jan 16, 2017 at 21:05 | history | asked | aress31 | CC BY-SA 3.0 | |