CVE-2017-12615 PoC — Apache Tomcat 安全漏洞

Source

https://github.com/w0x68y/CVE-2017-12615-EXP

Associated Vulnerability

Title:Apache Tomcat 安全漏洞 (CVE-2017-12615)
Description:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Description

CVE-2017-12615 任意文件写入exp，写入webshell

Readme

# CVE-2017-12615-EXP

```
> .\CVE-2017-12615.exe 

 @@@@@@@ @@@  @@@ @@@@@@@@           @@@@@@   @@@@@@   @@@ @@@@@@@@           @@@  @@@@@@    @@@@@   @@@ @@@@@@@
!@@      @@!  @@@ @@!               @@   @@@ @@!  @@@ @@@@      @@!          @@@@ @@   @@@ @@!@     @@@@ !@@
!@!      @!@  !@! @!!!:!   @!@!@!@!   .!!@!  @!@  !@!  !@!     @!!  @!@!@!@!  !@!   .!!@!  @!@!@!@   !@! !!@@!!
:!!       !: .:!  !!:                !!:     !!:  !!!  !!!  .!!:              !!!  !!:     !!:  !!!  !!!     !:!
 :: :: :    ::    : :: ::           :.:: :::  : : ::   ::  : :                ::  :.:: :::  : : ::   ::  :: : :
                                                                                                             --w0x68y
Usage: CVE-2017-12615 <domain>
Shell usage: xxx.jsp?cmd=id&pwd=0909
```

以时间戳命名写入 webshell

![exp](exp测试.jpg)

![webshell](webshell.jpg)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!