Apache Tomcat
弱口令
Vulhub - Docker-Compose file for vulnerability environment
cd vulhub/tomcat/tomcat8/
cat docker-compose.yml
docker-compose up -d
启动成功,-u= tomcat -p= tomcat登录
进入后台管理
生成一个路径
url:10.4.7.100/jshell/jshell.jsp
通过控制台getshell
本地文件包含CVE-2020-1938
Vulhub - Docker-Compose file for vulnerability environment
sudo docker-compose down
cd vulhub/tomcat/CVE-2020-1938
ls
cat docker-compose.yml