JOnAS Remote Command Injection Exploit

This module exploits a XSS vulnerability in JOnAS which allows IMPACT Pro to perform remote command injection impersonating an administrator and uploading a plugin to the JOnAS server. This module runs a web server waiting for a JOnAS administrator to connect to it. When the client connects, it will retrieve their JOnAS cookie and try to install an agent on the JOnAS server by installing a custom plugin in JOnAS.
Exploit type: 
Vulnerabilty ID: 
Released Date: 
Thursday, September 24, 2009 - 19:00