JOnAS Remote Command Injection Exploit

This module exploits an XSS vulnerability in JOnAS that allows IMPACT Pro to perform remote command injection by impersonating an administrator and uploading a plugin to the JOnAS server. The module runs a web server and waits for a JOnAS administrator to connect to it. When the client connects, the module retrieves the administrator's JOnAS cookie and attempts to install an agent on the JOnAS server by installing a custom plugin in JOnAS.
Exploit type: 
Vulnerability ID: NOCVE-9999-36877
Product Version: 9.0
Released Date: Friday, September 25, 2009 - 00:00