Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Jolokia - Searching MBeans

By kannthu

Low
Vidoc logoVidoc Module
#jolokia#springboot#mbean#tomcat
Description

What is "Jolokia - Searching MBeans?"

The "Jolokia - Searching MBeans" module is designed to detect vulnerabilities related to the Jolokia library and its integration with MBeans. Jolokia is a JMX-HTTP bridge that allows remote access to JMX MBeans in a Java application. This module specifically focuses on searching for MBeans using Jolokia and identifies potential misconfigurations or vulnerabilities that could be exploited.

This module has a low severity level, indicating that the identified issues may have limited impact or pose a lower risk to the target system.

Author: pussycat0x

Impact

The impact of the vulnerabilities detected by this module can vary depending on the specific misconfiguration or vulnerability found. However, potential consequences may include unauthorized access to sensitive information, remote code execution, or other security breaches.

How the module works?

The "Jolokia - Searching MBeans" module works by sending HTTP requests to the target system and analyzing the responses based on predefined matching conditions. It searches for MBeans using the Jolokia API and checks for specific patterns in the response body.

One example of an HTTP request sent by this module is:

GET /jolokia/search/*:test=test

The module then applies the following matching conditions:

- Status code: The response must have a status code of 200. - Response body: The response body must contain the following words: "type":"search" and "value":.

If all the matching conditions are met, the module reports a potential vulnerability or misconfiguration related to the Jolokia integration with MBeans.

For more information, you can refer to the following references:

- https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/ - https://github.com/laluka/jolokia-exploitation-toolkit

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/jolokia/search/*:te.../actuator/jolokia/se...
Matching conditions
status: 200and
word: "type":"search", "value":
Passive global matcher
No matching conditions.
On match action
Report vulnerability