What's the authentication mechanism used by JBoss console? A login
HTML form, or HTTP basic auth? If it's the first one and cookies are
used as session tokens your exploit should work (the web browser will
submit the cookie to the target IP/domain when the evil page is
visited).
What's the authentication mechanism used by JBoss console? A login
HTML form, or HTTP basic auth? If it's the first one and cookies are
used as session tokens your exploit should work (the web browser will
submit the cookie to the target IP/domain when the evil page is
visited).
Although...
[ more ]