The purpose of this proof of concept is to demonstrate how CVE-2017-12617 can be used to gain remote control of an Apache Tomcat server.
- Please execute this command to run the server.
make server_up
- Execute this command to run the attack and upload a web shell to the server (requires cURL).
make attack
If this command does not open your browser, go to:
http://localhost:8080/web_shell.jsp?cmd=pwd
You will now have access to a web shell on the server, directly in your browser.
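A defender-side check for the traces this proof of concept leaves, as an added example that is not part of the original repository: it scans Tomcat access-log lines for a successful HTTP PUT of a JSP file followed by requests served from that same file. It assumes the `common` access-log pattern and that the upload arrives as an HTTP PUT (as described in the CVE-2017-12617 advisory); the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed format, Tomcat AccessLogValve "common": host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
JSP_RE = re.compile(r'^(.*?\.jspx?)(?![a-z0-9])', re.IGNORECASE)

def jsp_target(uri):
    """Return the lower-cased JSP path a URI points at, or None if it is not a JSP."""
    path = unquote(urlsplit(uri).path)
    m = JSP_RE.match(path)  # anything after the extension is ignored
    return m.group(1).lower() if m else None

def find_uploaded_jsp_use(lines):
    """Flag successful PUTs of JSP files and later 200 responses served from them."""
    uploaded = {}  # JSP path -> host that uploaded it
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        target = jsp_target(m["uri"])
        if target is None:
            continue
        status = int(m["status"])
        if m["method"] == "PUT" and status in (201, 204):
            uploaded[target] = m["host"]
            findings.append(("upload", m["host"], target, ""))
        elif m["method"] in ("GET", "POST") and status == 200 and target in uploaded:
            findings.append(("execute", m["host"], target, urlsplit(m["uri"]).query))
    return findings

# Constructed sample log lines (not captured from the PoC).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2017:13:55:01 +0000] "GET /index.jsp HTTP/1.1" 200 1043
192.0.2.10 - - [10/Oct/2017:13:55:07 +0000] "PUT /docs/notes.txt HTTP/1.1" 201 -
198.51.100.7 - - [10/Oct/2017:13:56:12 +0000] "PUT /probe.jsp HTTP/1.1" 403 -
198.51.100.7 - - [10/Oct/2017:13:56:30 +0000] "PUT /web_shell.jsp HTTP/1.1" 201 -
198.51.100.7 - - [10/Oct/2017:13:56:41 +0000] "GET /web_shell.jsp?cmd=pwd HTTP/1.1" 200 57
""".splitlines()

if __name__ == "__main__":
    for finding in find_uploaded_jsp_use(SAMPLE_LOG):
        print(finding)
```

On a server that legitimately accepts PUT uploads, the "upload" findings alone are the ones to review first, since a JSP arriving by PUT is rarely expected.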
If you have any problems running this proof of concept, please create an issue at https://github.com/ygouzerh/CVE-2017-12617/issues; we will do our best to answer you as quickly as possible.