Skip to content

jrrdev/cve-2017-5638

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

cve-2017-5638

cve-2017-5638 Vulnerable site sample

This project aims to demonstrate the CVE-2017-5638 exploitation for educational purpose. For more informations, see https://cwiki.apache.org/confluence/display/WW/S2-045

Legal Disclaimer

This project is made for educational and ethical testing purposes only. Attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

Getting started

  1. Start the docker container :

docker run -d -p 8080:8080 jrrdev/cve-2017-5638:latest

  1. Download the exploit script on the attacker machine here

  2. Run the python exploit script from the attacker machine :

python exploit.py http://<DOCKER_HOST>:8080/hello "ls -l"

About

cve-2017-5638 Vulnerable site sample

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published