Skip to content

Latest commit

 

History

History
44 lines (27 loc) · 760 Bytes

README.md

File metadata and controls

44 lines (27 loc) · 760 Bytes
Raw

Example of shell exploit

  1. Build java:
mvn package
  1. Build container
docker build -t tomcat-example .
  1. Run:
docker run -d -p 8080:8080 tomcat-example
  1. Run python attack:
python exploit.py

Done!

Shell should be available at: http://localhost:8080/shell.jsp?cmd=id

Run with workaround

Enables the controller advice specified in BinderControllerAdvice

docker run -e "SPRING_PROFILES_ACTIVE=fix" -d -p 8080:8080 tomcat-example`

If you now run the exploit python exploit.py it will not create the file shell.js.
Please beware that this is not a complete workaround until the actual issue is fixed.