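Resource description
This attachment is a reproduction environment for CVE-2019-0232, the Tomcat RCE (remote command execution) vulnerability. Download the files locally, run tomcat directly to start the server, and enter http://localhost:8080/cgi-bin/hello.bat?c:/windows/system32/net user in the address bar to see the effect of the vulnerability. Do not use it illegally; it is for study and research only.
Code snippet and file information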
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package mypackage;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Simple servlet to validate that the Hello World example can
 * execute servlets. In the web application deployment descriptor,
 * this servlet must be mapped to correspond to the link in the
 * "index.html" file.
 *
 * @author Craig R. McClanahan
 */
public final class Hello extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Respond to a GET request for the content produced by
     * this servlet.
     *
     * @param request The servlet request we are processing
     * @param response The servlet response we are producing
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet error occurs
     */
    @Override
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
            throws IOException, ServletException {
        response.setContentType("text/html");
        response.setCharacterEncoding("UTF-8");
        // The page's snippet lost part of the HTML markup inside these
        // literals and is cut off after the last println shown.
        try (PrintWriter writer = response.getWriter()) {
            writer.println("");
            writer.println("");
            writer.println("<meta charset=\"UTF-8\" />");
            writer.println("<title>Sample Application Servlet Page</title>");
            writer.println("");
            writer.println("");
            writer.println("yle=\"float: left; padding: 10px;\">");
            writer.println("");
            writer.println("");
            writer.println("Sample Application Servlet");
            writer.println("");
            writer.println("This is the output of a servlet that is part of");
            writer.println("the Hello World application.");
            writer.println("");
        }
    }
}
Attribute    Size    Date    Time    Name
----------- --------- ---------- ----- ----
File 34985 2018-04-27 21:24 apache-tomcat-8.5.31\bin\bootstrap.jar
File 1703 2018-04-27 21:24 apache-tomcat-8.5.31\bin\catalina-tasks.xm
File 15900 2018-04-27 21:24 apache-tomcat-8.5.31\bin\catalina.bat
File 23463 2018-04-27 21:25 apache-tomcat-8.5.31\bin\catalina.sh
File 207125 2018-04-27 21:25 apache-tomcat-8.5.31\bin\commons-daemon-native.tar.gz
File 25145 2018-04-27 21:24 apache-tomcat-8.5.31\bin\commons-daemon.jar
File 2040 2018-04-27 21:24 apache-tomcat-8.5.31\bin\configtest.bat
File 1922 2018-04-27 21:25 apache-tomcat-8.5.31\bin\configtest.sh
File 8509 2018-04-27 21:25 apache-tomcat-8.5.31\bin\daemon.sh
File 2091 2018-04-27 21:24 apache-tomcat-8.5.31\bin\digest.bat
File 1965 2018-04-27 21:25 apache-tomcat-8.5.31\bin\digest.sh
File 7393 2018-04-27 21:24 apache-tomcat-8.5.31\bin\service.bat
File 3574 2018-04-27 21:24 apache-tomcat-8.5.31\bin\setclasspath.bat
File 3680 2018-04-27 21:25 apache-tomcat-8.5.31\bin\setclasspath.sh
File 2020 2018-04-27 21:24 apache-tomcat-8.5.31\bin\shutdown.bat
File 1902 2018-04-27 21:25 apache-tomcat-8.5.31\bin\shutdown.sh
File 2022 2018-04-27 21:24 apache-tomcat-8.5.31\bin\startup.bat
File 1904 2018-04-27 21:25 apache-tomcat-8.5.31\bin\startup.sh
File 2126336 2018-04-27 21:25 apache-tomcat-8.5.31\bin\tcnative-1.dll
File 49336 2018-04-27 21:24 apache-tomcat-8.5.31\bin\tomcat-juli.jar
File 405109 2018-04-27 21:25 apache-tomcat-8.5.31\bin\tomcat-native.tar.gz
File 114600 2018-04-27 21:25 apache-tomcat-8.5.31\bin\tomcat8.exe
File 118184 2018-04-27 21:25 apache-tomcat-8.5.31\bin\tomcat8w.exe
File 4574 2018-04-27 21:24 apache-tomcat-8.5.31\bin\tool-wrapper.bat
File 5483 2018-04-27 21:25 apache-tomcat-8.5.31\bin\tool-wrapper.sh
File 2026 2018-04-27 21:24 apache-tomcat-8.5.31\bin\version.bat
File 1908 2018-04-27 21:25 apache-tomcat-8.5.31\bin\version.sh
File 14101 2018-04-27 21:24 apache-tomcat-8.5.31\conf\catalina.policy
File 7731 2018-04-27 21:24 apache-tomcat-8.5.31\conf\catalina.properties
File 1386 2019-04-18 11:09 apache-tomcat-8.5.31\conf\context.xm
............ 747 file entries omitted here