CVE-2013-1488 PoC — Oracle Java 任意代码执行漏洞

Source

https://github.com/v-p-b/buherablog-cve-2013-1488

Associated Vulnerability

Title:Oracle Java 任意代码执行漏洞 (CVE-2013-1488)
Description:The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.

Description

PoC Java exploit based on http://www.contextis.com/research/blog/java-pwn2own/

Readme

Java Pwn2Own exploit - CVE-2013-1488
====================================

Proof-of-Concept exploit by [axt](http://axtaxt.wordpress.com) based on the [writeup by James Forshaw](http://www.contextis.com/research/blog/java-pwn2own/)

Affects JRE versions before 7u21

File Snapshot


 [4.0K]  /data/pocs/c85f99a440a1245de751f38409d6c4ad3ee22658
├── [ 266]  README.md
└── [4.0K]  src
    ├── [1.5K]  FakeDriver1.java
    ├── [2.2K]  FakeDriver2.java
    ├── [1.3K]  MainApplet.java
    └── [4.0K]  META-INF
        └── [4.0K]  services
            ├── [  43]  java.lang.Object
            └── [  23]  java.sql.Driver

3 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!