Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Jolokia - Local File Inclusion" module is designed to detect a vulnerability in the Jolokia software. Jolokia is a JMX-HTTP bridge that allows remote JMX (Java Management Extensions) clients to interact with JMX-enabled applications. This module specifically targets the "compilerDirectivesAdd" function in Jolokia, which is vulnerable to local file inclusion.
This vulnerability can have a high severity level, as it allows an attacker to include arbitrary files from the server's file system, potentially exposing sensitive information or executing malicious code.
This module was authored by dhiyaneshDk.
A successful exploitation of the "Jolokia - Local File Inclusion" vulnerability can lead to unauthorized access to sensitive files on the server. This can result in the exposure of confidential data, such as passwords or configuration files, and may also enable an attacker to execute arbitrary code on the server.
The "Jolokia - Local File Inclusion" module works by sending HTTP requests to the target server, attempting to exploit the vulnerability in the Jolokia software. It specifically targets the "compilerDirectivesAdd" function and tries to include the "/etc/passwd" file.
An example of an HTTP request sent by this module:
GET /jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd
The module uses matching conditions to determine if the vulnerability is present. It checks if the response contains the string "root:.*:0:0:" (indicating the presence of the "/etc/passwd" file) and if the response status is 200 (indicating a successful request).
If both conditions are met, the module reports the vulnerability.
Reference- https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/