You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Found intresting poc here : https://github.com/craig/SpringCore0day/blob/main/exp.py & https://twitter.com/vxunderground/status/1509170582469943303
59
59
60
-
Not been able to test this yet, feel free to create a PR with changes
61
-
62
-
```python
63
-
python poc.py
64
-
```
60
+
* clone sample repo from https://spring.io/guides/gs/handling-form-submission/
61
+
* you can skip right to the gs-handling-form-submission/complete directory, no need to follow the tutorial
62
+
* modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy). build war file :)
63
+
* install tomcat9 + java 11 (i did it on ubuntu 20.04 via apt-get)
64
+
* deploy the war file
65
+
* update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT
66
+
* run PoC (ignore the URL it gives you for the webshell): python3 exp.py --url http://your.ip.here:8080/handling-form-submission-complete/greeting
67
+
* you should see the "tomcatwar.jsp" file now in webapps/handling-form-submission
68
+
* hit http://your.ip.here:8080/handling-form-submission/tomcatwar.jsp?pwd=j&cmd=id to see the results
0 commit comments