- Quick shortcut to check whether a glassfish server is vulnerable to CVE-2011-1511
- It'll issue a TRACE to the "create new user" object, it doesn't create the new user.
- To port: create the user!
- Usage: Run using a custom insertion point that includes the verb and URL portions of the request
- Replace the original swf within a server's response with a custom one
- The custom swf file inherits the session and may modify events, actions and controls.
- Usage: Browse original SWF -> SWFReplace it through the context menu -> Choose new SWF -> Run -> Show response in browser
- Mark any incoming messages that may indicate to be a WSDL
- Enumerate the EndPoint's services, portTypes, bindings and messages
- To port: create XML megatags and issue requests.
- Usage: Just load the module and output where convenient