Exploits Apache Tika 1.17 Header Command Injection

Status
Not open for further replies.

1337day-Exploits

This Metasploit module exploits a command injection vulnerability in Apache Tika versions 1.15 through 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic byte checking. When OCR is specified in the request, parameters can be passed to change the parameters passed at command line to allow for arbitrary JScript to execute. A JScript stub is passed to execute arbitrary code. This module was verified against version 1.15 through 1.17 on Windows 2012. While the CVE and finding show more versions vulnerable, during testing it was determined only versions greater than 1.14 were exploitable due to jp2 support being added.
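A defender-side check for the request pattern described above, as an added example that is not part of the original post or of the Metasploit module. It assumes requests to tika-server are available as parsed records. The `X-Tika-OCR` header prefix, the header names, and the `/tika` and `/meta` paths in the samples are not named in the post; they reflect how tika-server accepts OCR settings from clients.

```python
import re

# Assumption: tika-server maps request headers with this prefix onto its OCR config.
OCR_HEADER_PREFIX = "x-tika-ocr"
# Strict allowlist for OCR header values: no quotes, spaces or shell metacharacters.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.+:/\\-]{1,128}")


def classify_request(req):
    """Return (verdict, findings) for one parsed HTTP request record."""
    headers = {k.lower(): v for k, v in req["headers"].items()}
    verdict, findings = "ok", []
    for name, value in headers.items():
        if not name.startswith(OCR_HEADER_PREFIX):
            continue
        if SAFE_VALUE.fullmatch(value):
            # Client-supplied OCR settings are unusual; worth a look, not an alert.
            findings.append(f"{name}: client-supplied OCR setting")
            if verdict == "ok":
                verdict = "review"
        else:
            # Quotes or spaces can change the command line built for the OCR tool.
            findings.append(f"{name}: value outside allowlist")
            verdict = "alert"
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if verdict != "ok" and ctype == "image/jp2":
        # The post notes image/jp2 is the content type used with this issue.
        findings.append("content-type image/jp2 combined with OCR headers")
    return verdict, findings


# Constructed sample records (not captured traffic).
SAMPLES = [
    {"method": "PUT", "path": "/tika",
     "headers": {"Content-Type": "application/pdf"}},
    {"method": "PUT", "path": "/meta",
     "headers": {"Content-Type": "image/png", "X-Tika-OCRLanguage": "eng+deu"}},
    {"method": "PUT", "path": "/meta",
     "headers": {"Content-Type": "image/jp2",
                 "X-Tika-OCRTesseractPath": 'tesseract" EXTRA_ARG "'}},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["path"], classify_request(sample))
```

The same allowlist can be enforced at a reverse proxy in front of tika-server by stripping or rejecting these headers from untrusted clients.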
