- Build java:
mvn package
- Build container
docker build -t tomcat-example .
- Run:
docker run -d -p 8080:8080 tomcat-example
- Run python attack:
python exploit.py
Shell should be available at:
http://localhost:8080/shell.jsp?cmd=id
Enables the controller advice specified in BinderControllerAdvice
docker run -e "SPRING_PROFILES_ACTIVE=fix" -d -p 8080:8080 tomcat-example`
If you now run the exploit python exploit.py
it will not create the file shell.js.
Please beware that this is not a complete workaround until the actual issue is fixed.