EvilZone

Hacking and Security => Hacking and Security => Topic started by: Daemon on September 11, 2012, 08:37:03 AM

Title: Java Exploit
Post by: Daemon on September 11, 2012, 08:37:03 AM

Someone was asking around about this, so heres a link to it:

http://www.eeye.com/resources/security-center/research/zero-day-tracker/2012/20120827 (http://www.eeye.com/resources/security-center/research/zero-day-tracker/2012/20120827)
and another one as well
https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day

The patch was released on the 30th so you should update your Java if you haven't already, heres the link if you need it
http://www.oracle.com/technetwork/java/javase/downloads/jdk7u7-downloads-1836413.html (http://www.oracle.com/technetwork/java/javase/7u7-relnotes-1835816.html)
. Cheers

Title: Re: Java Exploit
Post by: ande on September 11, 2012, 11:41:48 AM

POC: http://pastie.org/4594319 (http://pastie.org/4594319)
Metasploit module: [size=78%]http://www.metasploit.com/modules/exploit/multi/browser/java_jre17_exec (http://www.metasploit.com/modules/exploit/multi/browser/java_jre17_exec)[/size]