Skip to content

oppsec/pwnfaces

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits

assets

assets

 
 

src

src

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

Repository files navigation

😛 pwnfaces

Primefaces 5.X EL Injection Exploit



🕵️ What is pwnfaces?

🕵️ pwnfaces is a Golang tool created to exploit the vulnerability defined as CVE-2017-1000486 (EL Injection in PrimeFaces 5.X)


⚡ Installing / Getting started

A quick guide of how to install and use pwnfaces.

1. go install github.com/oppsec/pwnfaces@latest
2. pwnfaces -u http://127.0.0.1:8090/javax.faces.resource/dynamiccontent.properties.xhtml

You can use go install github.com/oppsec/pwnfaces@latest to update the tool



⚙️ Pre-requisites

  • Golang installed on your machine.



✨ Features

  • Extremely fast
  • Low RAM and CPU usage
  • Made in Golang



🔨 Contributing

A quick guide of how to contribute with the project.

1. Create a fork from pwnfaces repository.
2. Download the project with git clone https://github.com/your/pwnfaces.git
3. cd pwnfaces/
4. Make your changes.
5. Commit and make a git push.
6. Open a pull request.



⚠️ Warning

  • The developer is not responsible for any malicious use of this tool.

About

😛 Primefaces 5.X EL Injection Exploit (CVE-2017-1000486)

www.primefaces.org/

Topics

linux golang exploit primefaces cve redteam elinjection cve-2017-1000486

Resources

Readme

License

MIT license
Activity

Stars

20 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

15 tags

Contributors 2

  •  
  •  

Languages