Skip to content
/ pwnfaces Public

😛 Primefaces 5.X EL Injection Exploit (CVE-2017-1000486)

www.primefaces.org/

License

MIT license
19 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

oppsec/pwnfaces

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
assets
assets
 
 
src
src
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

😛 pwnfaces

Primefaces 5.X EL Injection Exploit



🕵️ What is pwnfaces?

🕵️ pwnfaces is a Golang tool created to exploit the vulnerability defined as CVE-2017-1000486 (EL Injection in PrimeFaces 5.X)


⚡ Installing / Getting started

A quick guide of how to install and use pwnfaces.

1. go install github.com/oppsec/pwnfaces@latest
2. pwnfaces -u http://127.0.0.1:8090/javax.faces.resource/dynamiccontent.properties.xhtml

You can use go install github.com/oppsec/pwnfaces@latest to update the tool



⚙️ Pre-requisites

  • Golang installed on your machine.



✨ Features

  • Extremely fast
  • Low RAM and CPU usage
  • Made in Golang



🔨 Contributing

A quick guide of how to contribute with the project.

1. Create a fork from pwnfaces repository.
2. Download the project with git clone https://github.com/your/pwnfaces.git
3. cd pwnfaces/
4. Make your changes.
5. Commit and make a git push.
6. Open a pull request.



⚠️ Warning

  • The developer is not responsible for any malicious use of this tool.

About

😛 Primefaces 5.X EL Injection Exploit (CVE-2017-1000486)

www.primefaces.org/

Topics

linux golang exploit primefaces cve redteam elinjection cve-2017-1000486

Resources

Readme

License

MIT license
Activity

Stars

19 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

15 tags

Contributors 2

  •  
  •  

Languages