cve-2017-5638 Vulnerable site sample
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
docker
exploit
src/main
.gitignore
Dockerfile
LICENSE
README.md
pom.xml

README.md

cve-2017-5638

cve-2017-5638 Vulnerable site sample

This project aims to demonstrate the CVE-2017-5638 exploitation for educational purpose. For more informations, see https://cwiki.apache.org/confluence/display/WW/S2-045

Legal Disclaimer

This project is made for educational and ethical testing purposes only. Attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

Getting started

  1. Start the docker container :

docker run -d -p 8080:8080 jrrdev/cve-2017-5638:latest

  1. Download the exploit script on the attacker machine here

  2. Run the python exploit script from the attacker machine :

python exploit.py http://<DOCKER_HOST>:8080/hello "ls -l"