Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-1306 PoC — Apache Pluto 信息泄露漏洞

Source
https://github.com/JJSO12/Apache-Pluto-3.0.0--CVE-2018-1306
Associated Vulnerability
Title:Apache Pluto 信息泄露漏洞 (CVE-2018-1306)
Description:The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
Readme
# CVE-2018-1306

Apache Pluto 3.0.0 issue in the authorisation logic which lets attacker upload malicious files by tampering HTTP methods.

Script written in python3.

Usage: python3 ./plutorce.py http://192.168.0.1/ webshell.jsp
File Snapshot

 [4.0K]  /data/pocs/7df3ec7f8801a93a4f351fe621db2295d68c4b3a
├── [ 613]  plutorce.py
├── [ 230]  README.md
└── [ 581]  webshell.jsp

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →