This repository contains a proof of concept (PoC) script to exploit CVE-2024-50379, a vulnerability in Apache Tomcat. The vulnerability is a Time-of-Check Time-of-Use (TOCTOU) race condition that can lead to remote code execution (RCE) if the server's configuration allows writable directories.
- Uploads a malicious JSP shell to the vulnerable Apache Tomcat server.
- Executes arbitrary system commands via the uploaded shell.
- Demonstrates the exploitation process for CVE-2024-50379.
- Python: Version 3.x
- Python Libraries:
requests- Install using:
pip3 install requests
- Install using:
Ensure you have a vulnerable version of Apache Tomcat (e.g., 10.1.33) configured with:
- Writable
/uploadsdirectory. - An upload handler JSP file (
upload.jsp).
To run the script, use the following command:
python3 poc.py <command>