Skip to content

😛 Primefaces 5.X EL Injection Exploit (CVE-2017-1000486)

License

Notifications You must be signed in to change notification settings

oppsec/pwnfaces

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

😛 pwnfaces

Primefaces 5.X EL Injection Exploit




🕵️ What is pwnfaces?

🕵️ pwnfaces is a Golang tool created to exploit the vulnerability defined as CVE-2017-1000486 (EL Injection in PrimeFaces 5.X)


⚡ Installing / Getting started

A quick guide of how to install and use pwnfaces.

1. go install github.com/oppsec/pwnfaces@latest
2. pwnfaces -u http://127.0.0.1:8090/javax.faces.resource/dynamiccontent.properties.xhtml

You can use go install github.com/oppsec/pwnfaces@latest to update the tool



⚙️ Pre-requisites

  • Golang installed on your machine.



✨ Features

  • Extremely fast
  • Low RAM and CPU usage
  • Made in Golang



🔨 Contributing

A quick guide of how to contribute with the project.

1. Create a fork from pwnfaces repository.
2. Download the project with git clone https://github.com/your/pwnfaces.git
3. cd pwnfaces/
4. Make your changes.
5. Commit and make a git push.
6. Open a pull request.



⚠️ Warning

  • The developer is not responsible for any malicious use of this tool.