Glassfish from (IN)Secure admin

Loading
Loading Click here to add:
Add to notification list

A talk presenting a way to bypass the “secure admin” feature of Glassfish to access the administration panel and deploy your own webshell. 

Jérémy Mousset 
Jérémy is a pentester and a Ron addict. He’s working at Vente-privee.com but this subject comes from his previous life of penetration tester in BT. He wrote an article on MISCregarding the JMX security in Tomcat and he’s currently interested by Glassfish.