Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability #11990
This module exploits a vulnerability in Apache Tomcat's CGIServlet component. When the enableCmdLineArguments setting is set to true, a remote user can abuse this to execute system commands, and gain remote code execution.
Prepare a Windows box with JDK8 on it. You also want to make sure the box has the JAVA_HOME environment variable configured. For example:
To help you speed up the process, I have uploaded the actual vulnerable Tomcat setup that you can use:
To use it, simply download and extract it on the Windows machine. Go to the bin directory and execute the startup.bat file.
Note that I also created a debugging port for this Tomcat on 4000, so if you want, you can attach IntelliJ and observe the Tomcat internals more for analysis reasons.
The CGI script should be located at: http://IP:8080/cgi/test.bat
Your bundle also includes that change. I attempted the exploit against my own custom install and it's failing (most likely a typo or user error on my behalf), but that instruction wasn't in the docs, but is required, right?
Your bundle worked, still trying to figure out why my manual didn't (so the docs can be adjusted if need be).
Worked on 8.5.20 as well on my Server 2012 box.