漏洞描述
jexboss是一个使用Python编写的Jboss漏洞检测利用工具,利用此工具检测jboss网站时,在获取webshell时会留下一个后门/jexws4/jexws4.jsp,从远端拉取war包执行恶意程序。
Jboss渗透测试工具jexboss存在后门
PoC代码
暂无相关漏洞推荐
- POC CVE-2010-1429: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
- POC CVE-2017-12149: Jboss Application Server - Remote Code Execution
- POC CVE-2010-1871: JBoss CVE-2010-1871
- POC CVE-2017-12149: Java/Jboss Deserialization [RCE]
- POC CVE-2017-7504: JBoss 4.x JBossMQ JMS 反序列化漏洞
- POC jmx-default-password: JBoss JMX Console Weak Credential
- POC jboss-xml-console-unauthorized: JBoss JMX Console Weak Credential Discovery
- POC jboss-jbpm-default-login: JBoss jBPM Administration Console Default Login - Detect
- POC jmx-default-login: JBoss JMX Console Weak Credential Discovery
- POC jboss-seam-debug-page: Jboss Seam Debug Page Enabled
- POC jboss-web-service: JBoss Web Service Console - Detect
- POC jexboss-backdoor: JexBoss - Remote Code Execution
- (CVE-2025-2251)WildFly和JBoss EAP EJB远程调用反序列化漏洞导致远程代码执行