😛 pwnfaces

Primefaces 5.X EL Injection Exploit


🕵️ What is pwnfaces?

🕵️ pwnfaces is a Golang tool created to exploit the vulnerability defined as CVE-2017-1000486 (EL Injection in PrimeFaces 5.X)

⚡ Installing / Getting started

A quick guide of how to install and use pwnfaces.

1. go install github.com/oppsec/pwnfaces
2. pwnfaces -u http://127.0.0.1:8090/javax.faces.resource/dynamiccontent.properties.xhtml

You can use go install github.com/oppsec/[email protected] to update the tool

⚙️ Pre-requisites

  • Golang installed on your machine.

✨ Features

  • Extremely fast
  • Low RAM and CPU usage
  • Made in Golang

🔨 Contributing

A quick guide of how to contribute with the project.

1. Create a fork from pwnfaces repository.
2. Download the project with git clone https://github.com/your/pwnfaces.git
3. cd pwnfaces/
4. Make your changes.
5. Commit and make a git push.
6. Open a pull request.

⚠️ Warning

  • The developer is not responsible for any malicious use of this tool.

GitHub

View Github