/pwnfaces

Primefaces 5.X EL Injection Exploit (CVE-2017-1000486)

Primary LanguageGoMIT LicenseMIT

😛 pwnfaces

Primefaces 5.X EL Injection Exploit



🕵️ What is pwnfaces?

🕵️ pwnfaces is a Golang tool created to exploit the vulnerability defined as CVE-2017-1000486 (EL Injection in PrimeFaces 5.X)


Installing / Getting started

A quick guide of how to install and use pwnfaces.

1. go install github.com/oppsec/pwnfaces
2. pwnfaces -u http://127.0.0.1:8090/javax.faces.resource/dynamiccontent.properties.xhtml

You can use go install github.com/oppsec/pwnfaces@latest to update the tool



⚙️ Pre-requisites

  • Golang installed on your machine.



Features

  • Extremely fast
  • Low RAM and CPU usage
  • Made in Golang



🔨 Contributing

A quick guide of how to contribute with the project.

1. Create a fork from pwnfaces repository.
2. Download the project with git clone https://github.com/your/pwnfaces.git
3. cd pwnfaces/
4. Make your changes.
5. Commit and make a git push.
6. Open a pull request.



⚠️ Warning

  • The developer is not responsible for any malicious use of this tool.