CVE-2024-50379 Proof of Concept (PoC)

This repository contains a proof of concept (PoC) script to exploit CVE-2024-50379, a vulnerability in Apache Tomcat. The vulnerability is a Time-of-Check Time-of-Use (TOCTOU) race condition that can lead to remote code execution (RCE) if the server's configuration allows writable directories.

Features

Uploads a malicious JSP shell to the vulnerable Apache Tomcat server.
Executes arbitrary system commands via the uploaded shell.
Demonstrates the exploitation process for CVE-2024-50379.

Requirements

Python: Version 3.x
Python Libraries: requests
- Install using:
```
pip3 install requests
```

Usage

1. Setup Vulnerable Environment

Ensure you have a vulnerable version of Apache Tomcat (e.g., 10.1.33) configured with:

Writable /uploads directory.
An upload handler JSP file (upload.jsp).

2. Run the PoC Script

To run the script, use the following command:

python3 poc.py <command>

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
2024-12-21 02-57-51.mkv		2024-12-21 02-57-51.mkv
README.md		README.md
poc.py		poc.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-50379 Proof of Concept (PoC)

Features

Requirements

Usage

1. Setup Vulnerable Environment

2. Run the PoC Script

About

Releases

Packages

Languages

Alchemist3dot14/CVE-2024-50379

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-50379 Proof of Concept (PoC)

Features

Requirements

Usage

1. Setup Vulnerable Environment

2. Run the PoC Script

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages