CVE-2019-0227 PoC — Apache Axis 代码问题漏洞

Source

https://github.com/ianxtianxt/cve-2019-0227

Associated Vulnerability

Title:Apache Axis 代码问题漏洞 (CVE-2019-0227)
Description:Apache Axis是美国阿帕奇（Apache）基金会的一个开源、基于XML的Web服务架构。该产品包含了Java和C++语言实现的SOAP服务器，以及各种公用服务及API，以生成和部署Web服务应用。 Apache Axis 1.4版本中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。

Description

apache axis1.4远程代码执行漏洞

Readme

# cve-2019-0227
apache axis1.4远程代码执行漏洞
需要在本机msf设置监听，另外需要修改代码24-30行处

＃您需要更改这些变量以匹配您的配置
myip =  “ 192.168.0.117 ”  ＃您机器的IP
target =  “ 192.168.0.102 ”  ＃目标IP
网关=  “ 192.168.0.1 ”  ＃默认网关
targetport =  “ 8080 ”  ＃目标运行轴的端口（可能是8080）
pathtoaxis =  “ http://192.168.0.102:8080/axis ”  ＃这可以是自定义的视轴安装，但是这是默认
spoofinterface =  “ eth0 ”  ＃伪造的接口
jspwritepath =  “ webapps \\ axis \\ exploit.jsp ”  ＃在目标上写入JSP有效负载的相对路径这是Tomcat安装的默认路径

File Snapshot


 [4.0K]  /data/pocs/9ef25c0f12713285c41a15d3740bf9d12c4fbd7b
├── [7.4K]  cve-2019-0227.py
└── [ 700]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!