PoC details: b99449e4e71fbdd082e25c8e3dcab6815530dc9b

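Source
Related vulnerability
Title: Apache Tomcat security vulnerability (CVE-2017-12615)
Description: Apache Tomcat is a lightweight web application server from the Jakarta project of the Apache Software Foundation (USA). It is mainly used for developing and debugging JSP programs and is suited to small and medium-sized systems. Apache Tomcat versions 7.0.0 through 7.0.79 contain a remote code execution vulnerability. When the HTTP PUT request method is enabled on these versions, a remote attacker can craft a malicious request to upload a JSP file containing arbitrary code to the server, which the server then executes, allowing the attacker to execute arbitrary code.
Description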
PoC environment and exploit for the Apache Tomcat on Windows Remote Code Execution Vulnerability
Introduction
# CVE 2017-12615 Apache Tomcat Windows RCE
## ⚠️Warning
> This is a proof of concept environment and exploit for known CVEs, strictly for learning and educational purposes. 

> Do not use these scripts or techniques on systems you do not own or have explicit permission to test. Unauthorised access or exploitation of systems is illegal and unethical.

## 📃Description
This is a proof of concept environment and exploit for CVE 2017-12615. 

The vulnerability arises in Tomcat with the following factors:
1. Servlet context was configured to have `readonly=false`
2. `HTTP PUT` requests are allowed

As such, attackers may upload a **JSP** file via a PUT request. Apache Tomcat will then execute the code and render the response, making the server vulnerable to **remote code execution (RCE)**.

## ✏️Usage 
### Setting up the environment
1. Install and set up [Docker](https://www.docker.com/get-started/) 
2. Run the following commands
```
docker compose build
docker compose up -d
```

### Using the exploit
1. Install requirements
```
pip install -r requirements.txt
```
2. Run the exploit
```
python CVE-2017-12615.py [TARGETIP:PORT]
```
If the exploit was successful, you may check if your file was uploaded by going to the target address at http://target-host/test.jsp or using `curl http://target-host:port/test.jsp`

### Additional Flags
You may choose to upload your own file by specifying the file location as such:
```
python CVE-2017-12615.py [TARGETIP:PORT] -f [file_path]
```
File snapshot

```
[4.0K] /data/pocs/b99449e4e71fbdd082e25c8e3dcab6815530dc9b
├── [1.0K] CVE-2017-12615.py
├── [  63] docker-compose.yml
├── [  81] Dockerfile
├── [1.5K] README.md
├── [ 186] requirements.txt
└── [ 544] web.xml

0 directories, 6 files
```