This JSP shell contains one function—when an attacker calls the shell, it will execute the java function System.getProperty(). This function gets a property as defined by the JVM. The shell can be uploaded to the target system via a vulnerability or misconfigured application. An attacker can use this shell to disclose information about the target system.
- The attacker uploads the JSP shell to the target system via a vulnerability or misconfigured application.
- The server responds indicating that the upload has been successful.
- The attacker sends a request to the shell.
- The shell retrieves the user-defined property and displays this in the server response.
The attacker must have exploited some other entry vector to allow the malicious files to become resident on the victim machine.
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) has been updated with the new signatures for this exploit when detected via Alert Logic Threat Manager™. If this signature is detected, an incident is generated in the Alert Logic console.
Recommendations for Mitigation
Ensure that all public internet-facing hosts have available patches applied and are sufficiently hardened for public access.