CVE-2017-12617 PoC — Apache Tomcat 安全漏洞

Source

Associated Vulnerability

Description

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution for Python3

Readme

# Tomcat CVE-2017-12617 Exploit/PoC
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution for **Python3**

I just made a few adjustments to the original script to be compatible with Python 3!

---

If there's any problems or issues faced, feel free to shoot me an email satanclause666999@gmail.com or you can shoot me too if you want.

*Don't judge my email, it's used for as a throwaway*

---
# How to Use
./cve-2017-12617.py [options]

options:

-u ,--url [::] check target url if it's vulnerable

-p,--pwn [::] generate webshell and upload it

-l,--list [::] hosts list

[+]usage:

./cve-2017-12617.py -u http://127.0.0.1

./cve-2017-12617.py --url http://127.0.0.1

./cve-2017-12617.py -u http://127.0.0.1 -p pwn

./cve-2017-12617.py --url http://127.0.0.1 -pwn pwn

./cve-2017-12617.py -l hotsts.txt

./cve-2017-12617.py --list hosts.txt

File Snapshot

 [4.0K]  /data/pocs/c2aac02f16657e13763d546f3d4477caef9c1eb5
├── [ 907]  README.md
└── [5.4K]  tomcat-jsp.py

0 directories, 2 files

Remarks