oppsec/pwnfaces

Add a switch to change the dynamiccontenet location

Opened this issue · 1 comments

In some cases the server will return 404 if you requests the dynamiccontent. But when you make an request for a different location like /javax.faces.resource/x.jsf you can exploit normally, so i suggest to add an switch to change the location.

You can use argparse as example.

Hi @d4rl

Thanks for your issue. I don't define any path as default to exploit, I leave the option of the user choosing where he wants to explore. I just used dynamiccontent as an example, you can check on the source code.

Best regards,
oppsec.