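Resource description
This attachment is a reproduction environment for CVE-2019-0232, the Tomcat RCE (remote command execution) vulnerability. Download the files locally, run Tomcat directly to start the server, and enter http://localhost:8080/cgi-bin/hello.bat?c:/windows/system32/net user in the address bar to see the effect of the vulnerability. Do not use it illegally; it is for study and research only.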

Code snippet and file information
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package mypackage;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Simple servlet to validate that the Hello World example can
 * execute servlets.  In the web application deployment descriptor,
 * this servlet must be mapped to correspond to the link in the
 * "index.html" file.
 *
 * @author Craig R. McClanahan
 */
public final class Hello extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Respond to a GET request for the content produced by
     * this servlet.
     *
     * @param request The servlet request we are processing
     * @param response The servlet response we are producing
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet error occurs
     */
    @Override
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
            throws IOException, ServletException {

        response.setContentType("text/html");
        response.setCharacterEncoding("UTF-8");
        try (PrintWriter writer = response.getWriter()) {
            // Document head
            writer.println("<!DOCTYPE html><html>");
            writer.println("<head>");
            writer.println("<meta charset=\"UTF-8\" />");
            writer.println("<title>Sample Application Servlet Page</title>");
            writer.println("</head>");
            writer.println("<body>");

            // Floated container followed by the page heading and text
            writer.println("<div style=\"float: left; padding: 10px;\">");
            writer.println("");
            writer.println("</div>");
            writer.println("<h1>Sample Application Servlet</h1>");
            writer.println("<p>");
            writer.println("This is the output of a servlet that is part of");
            writer.println("the Hello World application.");
            writer.println("</p>");
        }
    }
}
Attribute   Size      Date       Time  Name
----------- --------- ---------- ----- ----
File        34985     2018-04-27 21:24 apache-tomcat-8.5.31\bin\bootstrap.jar
File        1703      2018-04-27 21:24 apache-tomcat-8.5.31\bin\catalina-tasks.xm
File        15900     2018-04-27 21:24 apache-tomcat-8.5.31\bin\catalina.bat
File        23463     2018-04-27 21:25 apache-tomcat-8.5.31\bin\catalina.sh
File        207125    2018-04-27 21:25 apache-tomcat-8.5.31\bin\commons-daemon-native.tar.gz
File        25145     2018-04-27 21:24 apache-tomcat-8.5.31\bin\commons-daemon.jar
File        2040      2018-04-27 21:24 apache-tomcat-8.5.31\bin\configtest.bat
File        1922      2018-04-27 21:25 apache-tomcat-8.5.31\bin\configtest.sh
File        8509      2018-04-27 21:25 apache-tomcat-8.5.31\bin\daemon.sh
File        2091      2018-04-27 21:24 apache-tomcat-8.5.31\bin\digest.bat
File        1965      2018-04-27 21:25 apache-tomcat-8.5.31\bin\digest.sh
File        7393      2018-04-27 21:24 apache-tomcat-8.5.31\bin\service.bat
File        3574      2018-04-27 21:24 apache-tomcat-8.5.31\bin\setclasspath.bat
File        3680      2018-04-27 21:25 apache-tomcat-8.5.31\bin\setclasspath.sh
File        2020      2018-04-27 21:24 apache-tomcat-8.5.31\bin\shutdown.bat
File        1902      2018-04-27 21:25 apache-tomcat-8.5.31\bin\shutdown.sh
File        2022      2018-04-27 21:24 apache-tomcat-8.5.31\bin\startup.bat
File        1904      2018-04-27 21:25 apache-tomcat-8.5.31\bin\startup.sh
File        2126336   2018-04-27 21:25 apache-tomcat-8.5.31\bin\tcnative-1.dll
File        49336     2018-04-27 21:24 apache-tomcat-8.5.31\bin\tomcat-juli.jar
File        405109    2018-04-27 21:25 apache-tomcat-8.5.31\bin\tomcat-native.tar.gz
File        114600    2018-04-27 21:25 apache-tomcat-8.5.31\bin\tomcat8.exe
File        118184    2018-04-27 21:25 apache-tomcat-8.5.31\bin\tomcat8w.exe
File        4574      2018-04-27 21:24 apache-tomcat-8.5.31\bin\tool-wrapper.bat
File        5483      2018-04-27 21:25 apache-tomcat-8.5.31\bin\tool-wrapper.sh
File        2026      2018-04-27 21:24 apache-tomcat-8.5.31\bin\version.bat
File        1908      2018-04-27 21:25 apache-tomcat-8.5.31\bin\version.sh
File        14101     2018-04-27 21:24 apache-tomcat-8.5.31\conf\catalina.policy
File        7731      2018-04-27 21:24 apache-tomcat-8.5.31\conf\catalina.properties
File        1386      2019-04-18 11:09 apache-tomcat-8.5.31\conf\context.xm
............ 747 further file entries omitted here