Jolokia - Local File Inclusion

By kannthu

High
Vidoc Module
#jolokia #springboot #tomcat #lfi
Description

What is "Jolokia - Local File Inclusion"?

The "Jolokia - Local File Inclusion" module detects a local file inclusion vulnerability in Jolokia. Jolokia is a JMX-HTTP bridge that allows remote JMX (Java Management Extensions) clients to interact with JMX-enabled applications. The module specifically targets the "compilerDirectivesAdd" operation of the DiagnosticCommand MBean, reached through Jolokia, which is vulnerable to local file inclusion.

The vulnerability is rated high severity because it allows an attacker to include arbitrary files from the server's file system, potentially exposing sensitive information or executing malicious code.

This module was authored by dhiyaneshDk.

Impact

Successful exploitation of the "Jolokia - Local File Inclusion" vulnerability can lead to unauthorized access to sensitive files on the server. This can expose confidential data, such as passwords or configuration files, and may also enable an attacker to execute arbitrary code on the server.

How does the module work?

The "Jolokia - Local File Inclusion" module works by sending HTTP requests to the target server, attempting to exploit the vulnerability in the Jolokia software. It specifically targets the "compilerDirectivesAdd" function and tries to include the "/etc/passwd" file.

An example of an HTTP request sent by this module:

GET /jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd

The module uses matching conditions to determine whether the vulnerability is present. It checks that the response body matches the regular expression "root:.*:0:0:" (indicating that the contents of "/etc/passwd" were returned) and that the response status is 200 (indicating a successful request).

If both conditions are met, the module reports the vulnerability.
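
The same request shape can be searched for in web server access logs. The following Python is an added example, not part of the Vidoc module or the original page; it assumes Common Log Format lines (the sample lines are constructed) and its function names are hypothetical. It undoes Jolokia's "!" path escaping, which the request above uses to pass slashes inside an argument, to recover the file path handed to compilerDirectivesAdd.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (Common Log Format is an assumption of this example).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:22 +0000] "GET /jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [12/Mar/2024:10:01:23 +0000] "GET /jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/%21/etc%21/passwd HTTP/1.1" 404 153',
    '198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /jolokia/read/java.lang:type=Memory/HeapMemoryUsage HTTP/1.1" 200 312',
]
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<path>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3})')
MARKER = "/jolokia/exec/"
TARGET_MBEAN = "com.sun.management:type=DiagnosticCommand"
TARGET_OP = "compilerDirectivesAdd"


def split_jolokia_path(path):
    """Split on unescaped '/', resolving Jolokia's '!' escapes ('!/' -> '/')."""
    parts, cur, i = [], [], 0
    while i < len(path):
        if path[i] == "!" and i + 1 < len(path):
            cur.append(path[i + 1])  # the escaped character is taken literally
            i += 2
            continue
        if path[i] == "/":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(path[i])
        i += 1
    parts.append("".join(cur))
    return parts


def find_directive_calls(log_lines):
    """Return (status, file_argument) for each exec call to compilerDirectivesAdd."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = unquote(m.group("path").split("?", 1)[0])  # drop query, URL-decode
        idx = path.find(MARKER)
        if idx < 0:
            continue
        parts = split_jolokia_path(path[idx + len(MARKER):])
        if len(parts) >= 3 and parts[0] == TARGET_MBEAN and parts[1] == TARGET_OP:
            hits.append((int(m.group("status")), parts[2]))
    return hits


if __name__ == "__main__":
    for status, arg in find_directive_calls(SAMPLE_LOG):
        print(f"status={status} file_argument={arg}")
```

A hit with status 200 corresponds to the module's own match condition and should be triaged first; other statuses still show that the endpoint was probed.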

Reference

- https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /jolokia/exec/com.su... /actuator/jolokia/ex...
Matching conditions
regex: root:.*:0:0:, compilerDirectivesAdd
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability