Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-1000486 PoC — Primetek Primefaces 加密问题漏洞

Source
https://github.com/LongWayHomie/CVE-2017-1000486
Associated Vulnerability
Title:Primetek Primefaces 加密问题漏洞 (CVE-2017-1000486)
Description:Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
Description
Remote Code Execution exploit for PrimeFaces 5.x - EL Injection (CVE-2017-1000486)
Readme
# CVE-2017-1000486
Remote Code Execution exploit for PrimeFaces 5.x - EL Injection (CVE-2017-1000486)

This is basically the same exploit made by [Mogwailabs](https://github.com/mogwailabs/CVE-2017-1000486), but edited to work in closed environments without access to the internet or with blocked firewall outbound traffic.
It gives you results in HTTP response header, so in case you're trying doing blind RCEwith old exploit - not anymore.

### Usage
```
python3 primefaces.py -t vulnapp.com id
```
Feel free to edit _vuln_point_ variable for exact endpoint.
File Snapshot

 [4.0K]  /data/pocs/466683f09d3aa56a693004c95b54324e5fc13c8e
├── [  43]  payload.js
├── [5.5K]  primefaces.py
├── [ 561]  README.md
├── [  23]  requirements.txt
└── [  32]  sleep.js

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →