Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Jolokia - Searching MBeans" module is designed to detect vulnerabilities related to the Jolokia library and its integration with MBeans. Jolokia is a JMX-HTTP bridge that allows remote access to JMX MBeans in a Java application. This module specifically focuses on searching for MBeans using Jolokia and identifies potential misconfigurations or vulnerabilities that could be exploited.
This module has a low severity level, indicating that the identified issues may have limited impact or pose a lower risk to the target system.
Author: pussycat0x
The impact of the vulnerabilities detected by this module can vary depending on the specific misconfiguration or vulnerability found. However, potential consequences may include unauthorized access to sensitive information, remote code execution, or other security breaches.
The "Jolokia - Searching MBeans" module works by sending HTTP requests to the target system and analyzing the responses based on predefined matching conditions. It searches for MBeans using the Jolokia API and checks for specific patterns in the response body.
One example of an HTTP request sent by this module is:
GET /jolokia/search/*:test=test
The module then applies the following matching conditions:
- Status code: The response must have a status code of 200.
- Response body: The response body must contain the words "type":"search" and "value":.
If all the matching conditions are met, the module reports a potential vulnerability or misconfiguration related to the Jolokia integration with MBeans.
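The following Python script is an added example (not part of the Vidoc module or the original page) showing how the two matching conditions above behave on constructed Jolokia responses. It implements the module's literal substring check side by side with a JSON-aware check that parses the body and extracts the "value" list a Jolokia search returns. The sample bodies, timestamps and the "access denied" error shape are constructed for illustration and are assumptions, not captured traffic.

```python
import json
from typing import Optional

# Matching conditions as stated in the module description: HTTP 200 and
# both literal substrings present somewhere in the response body.
REQUIRED_STATUS = 200
REQUIRED_SUBSTRINGS = ('"type":"search"', '"value":')


def module_matches(status: int, body: str) -> bool:
    """Replicates the module's literal matching conditions exactly."""
    return status == REQUIRED_STATUS and all(s in body for s in REQUIRED_SUBSTRINGS)


def jolokia_search_result(status: int, body: str) -> Optional[list]:
    """JSON-aware variant: return the MBean name list from a Jolokia search
    response, or None if the body is not a well-formed search response."""
    if status != REQUIRED_STATUS:
        return None
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if not isinstance(doc, dict):
        return None
    request = doc.get("request")
    if not isinstance(request, dict) or request.get("type") != "search":
        return None
    value = doc.get("value")
    return value if isinstance(value, list) else None


def assess(status: int, body: str) -> dict:
    """Combine both checks so a triager can see whether the literal matcher
    and the structural parser agree on a given response."""
    mbeans = jolokia_search_result(status, body)
    return {
        "literal_match": module_matches(status, body),
        "search_endpoint_answered": mbeans is not None,
        "mbeans": mbeans,
    }


# Constructed sample responses (assumed shapes, not real captures).
# 1) Compact JSON as an exposed Jolokia search endpoint would typically send.
POSITIVE_COMPACT = (
    '{"request":{"mbean":"*:test=test","type":"search"},'
    '"value":[],"timestamp":1700000000,"status":200}'
)
# 2) Same content, pretty-printed with spaces after colons. The literal
#    '"type":"search"' substring no longer appears, so the module's matcher
#    misses it even though the endpoint clearly answered the search.
POSITIVE_PRETTY = (
    '{\n  "request": {"mbean": "*:test=test", "type": "search"},\n'
    '  "value": [],\n  "timestamp": 1700000000,\n  "status": 200\n}'
)
# 3) Constructed error body: the request is echoed but no "value" key is
#    present, so neither check reports an answered search.
DENIED_ERROR = (
    '{"request":{"mbean":"*:test=test","type":"search"},'
    '"error":"Jolokia: Access denied","status":403}'
)
# 4) A generic 404 page with no Jolokia at all.
NOT_FOUND = "<html><body>Not Found</body></html>"

SAMPLES = {
    "compact": (200, POSITIVE_COMPACT),
    "pretty": (200, POSITIVE_PRETTY),
    "denied": (200, DENIED_ERROR),
    "missing": (404, NOT_FOUND),
}


def run_samples() -> dict:
    """Assess every constructed sample; returns {name: assessment}."""
    return {name: assess(status, body) for name, (status, body) in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:8s} -> {result}")
```

The "pretty" sample is the practical caveat: the module's conditions are literal substring matches, so a response serialised with whitespace after the colons satisfies `"value":` but not `"type":"search"`, and the module stays silent. The JSON-aware check keys on the parsed structure instead, which is the more robust way to confirm that a `/jolokia/search` endpoint is reachable and answering. For the `*:test=test` pattern the returned list is normally empty; the finding is that the endpoint responded at all, not the contents of the list.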
For more information, you can refer to the following references:
- https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
- https://github.com/laluka/jolokia-exploitation-toolkit