
CVE-2024-50379-POC

This repository contains a Python script designed to exploit CVE-2024-50379, a vulnerability that allows attackers to upload a JSP shell to a vulnerable server and execute arbitrary commands remotely. This exploit is particularly useful when the /uploads directory is either unprotected or missing on the target server.


Overview

CVE-2024-50379 is a vulnerability affecting servers that improperly handle file uploads, enabling an attacker to upload a JSP shell. This shell can then be used to execute arbitrary commands remotely. The provided Python script automates this process by uploading the shell to a vulnerable server and allowing interaction with the server through a command-line interface.


Prerequisites

Before running the script, ensure that you have the following installed:

  • Python 3.6+ (Recommended)

  • requests library. Install it using pip:

    pip install requests

Vulnerable Systems

The exploit targets systems running Apache Tomcat or similar servers that fail to properly secure their file upload functionality or have misconfigured /uploads directories.
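The upload path described above depends on a server-side setting that defenders can audit directly. Apache's advisory for CVE-2024-50379 states that the issue is only reachable when Tomcat's default servlet is configured writable (the `readonly` init-param set to `false`, which is not the shipped default). The following script is an added example, not part of this repository, that parses a Tomcat `web.xml` and reports every DefaultServlet declaration that has been made writable. The two `web.xml` fragments inside it are constructed for the example, and the `com.example.UploadServlet` class in the hardened fragment is a hypothetical name used only to show that the check is scoped to the DefaultServlet.

```python
import xml.etree.ElementTree as ET

# Servlet class whose "readonly=false" setting enables HTTP PUT/DELETE writes.
DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag):
    """Strip the XML namespace prefix that every web.xml declares on its tags."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    """Return the stripped text of the first direct child named `name`, or None."""
    for child in elem:
        if _local(child.tag) == name and child.text is not None:
            return child.text.strip()
    return None


def writable_default_servlets(web_xml_text):
    """Return the servlet-names of DefaultServlet entries configured with readonly=false.

    Only the DefaultServlet is inspected; other servlets may legitimately use an
    init-param with the same name, so they are ignored here.
    """
    root = ET.fromstring(web_xml_text.lstrip())
    findings = []
    for elem in root.iter():
        if _local(elem.tag) != "servlet":
            continue
        if _child_text(elem, "servlet-class") != DEFAULT_SERVLET_CLASS:
            continue
        name = _child_text(elem, "servlet-name") or "<unnamed>"
        for param in elem:
            if _local(param.tag) != "init-param":
                continue
            if (_child_text(param, "param-name") == "readonly"
                    and (_child_text(param, "param-value") or "").lower() == "false"):
                findings.append(name)
    return findings


# Constructed sample: a default servlet that has been switched to writable.
WEAK_WEB_XML = """
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>
"""

# Constructed sample: default servlet left read-only; a hypothetical custom
# servlet with its own "readonly" param must not be reported.
HARDENED_WEB_XML = """
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>true</param-value>
    </init-param>
  </servlet>
  <servlet>
    <servlet-name>upload</servlet-name>
    <servlet-class>com.example.UploadServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_WEB_XML), ("hardened", HARDENED_WEB_XML)):
        print(label, "->", writable_default_servlets(text))
```

Run it against `$CATALINA_BASE/conf/web.xml` (the global defaults) and against each application's `WEB-INF/web.xml`, since an application-level file can override the global servlet definition; an empty list for all of them means the write precondition is absent.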

Important: This tool should only be used in controlled environments such as penetration testing with permission or for educational purposes. Unauthorized use of this tool may be illegal and unethical.


Features

  • Automatic URL Formatting: The tool automatically prepends http:// to URLs without a scheme.
  • Graceful Handling of Missing /uploads Directory: If the /uploads directory is not found, the tool continues attempting the shell upload.
  • Retry Logic: Includes retries for failed uploads and command executions with exponential backoff to handle server/network issues.
  • HTML Output Parsing: If the command output contains HTML, the tool attempts to extract useful information, such as the title of the page.
  • Interactive CLI: A user-friendly command-line interface for interacting with the server after shell upload.

Usage

Step 1: Clone the repository

Clone the repository to your local machine:

git clone https://github.com/dragonked2/CVE-2024-50379-POC.git
cd CVE-2024-50379-POC

Step 2: Install dependencies

Ensure you have the required Python libraries installed:

pip install requests

Step 3: Run the script

Run the script with the following command:

python exploit_cve_2024_50379.py

Step 4: Enter the base URL

The script will prompt you to enter the base URL of the vulnerable server (e.g., http://localhost:8080). If the URL does not include http:// or https://, it will automatically add http://.

Step 5: Upload the shell and execute commands

Once the JSP shell is uploaded successfully, you can interactively enter commands to execute on the server. The script will display the output.

Example interaction:

[+] Enter the base URL (e.g., localhost:8080): http://127.0.0.1:8080
[+] Checking server accessibility...
[+] /uploads directory not found (404), but continuing with upload attempt...
[+] Attempting to upload shell (Attempt 1/3)...
[+] Shell uploaded successfully! Check the URL: http://127.0.0.1:8080/uploads/shell.jsp
[+] Enter the command to execute on the server (or 'exit' to quit): whoami
[+] Executing command: whoami
[+] Command output:
root
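The interaction above leaves a clear footprint in the server's access log: a write request that creates a `.jsp` file, followed by requests that execute it. The script below is an added example, not part of this repository, that scans Tomcat access log lines in the `common` pattern (`%h %l %u %t "%r" %s %b`) and reports both events. Extensions are compared case-insensitively because Apache's advisory for CVE-2024-50379 concerns case-insensitive file systems, where `shell.Jsp` and `shell.jsp` name the same file. The log lines embedded in it are constructed for the example; a 403 on a write attempt is included to show that a read-only default servlet does not produce a finding.

```python
import re
from urllib.parse import urlsplit

# Matches Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)
WRITE_METHODS = {"PUT", "POST"}
JSP_EXTENSIONS = (".jsp", ".jspx")


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = urlsplit(rec["target"]).path  # drop any query string
    return rec


def is_jsp_path(path):
    """True when the path names a JSP, ignoring extension case."""
    return path.lower().endswith(JSP_EXTENSIONS)


def find_jsp_upload_activity(lines):
    """Flag successful writes of JSP files and later GETs of the written file.

    Returns a list of findings in log order. The lookup key is the lowercased
    path so that a file written as shell.Jsp and requested as shell.jsp matches.
    """
    written = {}   # lowercased path -> record of the first successful write
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = rec["path"].lower()
        successful = 200 <= rec["status"] < 300
        if rec["method"] in WRITE_METHODS and is_jsp_path(rec["path"]) and successful:
            written.setdefault(key, rec)
            findings.append({"kind": "jsp_write", "host": rec["host"],
                             "path": rec["path"], "time": rec["time"]})
        elif rec["method"] == "GET" and key in written and rec["status"] == 200:
            findings.append({"kind": "jsp_written_then_requested", "host": rec["host"],
                             "path": rec["path"], "time": rec["time"]})
    return findings


# Constructed sample log: a write that succeeds, its execution, normal traffic,
# a non-JSP write, and a write refused by a read-only default servlet.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [18/Dec/2024:10:15:01 +0000] "PUT /uploads/shell.Jsp HTTP/1.1" 201 -',
    '10.0.0.5 - - [18/Dec/2024:10:15:02 +0000] "GET /uploads/shell.jsp HTTP/1.1" 200 12',
    '10.0.0.7 - - [18/Dec/2024:10:15:03 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '10.0.0.9 - - [18/Dec/2024:10:16:00 +0000] "PUT /uploads/notes.txt HTTP/1.1" 201 -',
    '10.0.0.5 - - [18/Dec/2024:10:17:00 +0000] "PUT /uploads/other.jsp HTTP/1.1" 403 -',
]

if __name__ == "__main__":
    for finding in find_jsp_upload_activity(SAMPLE_ACCESS_LOG):
        print(finding)
```

Feed it real lines with `find_jsp_upload_activity(open(path))`; a `jsp_write` finding alone is already worth an alert on a server that is not meant to accept writes, and the paired `jsp_written_then_requested` finding is the signal that the written file was actually served.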

Step 6: Exit the tool

Type exit to quit the tool after completing your interactions.


Error Handling and Retries

The tool includes robust error handling for common issues such as:

  • Server unavailability or network issues.
  • Failed JSP shell upload attempts.
  • Command execution failures.

Failed operations will automatically be retried up to three times with a 2-second delay between attempts. If an operation fails after retries, an error message will be displayed.


Contributing

Contributions are welcome! If you find bugs or have suggestions for improvements, feel free to open an issue or submit a pull request.

How to Contribute:

  1. Fork the repository.
  2. Create a new branch.
  3. Make your changes and test them.
  4. Open a pull request with a description of the changes.

Disclaimer

This tool is intended for educational and penetration testing purposes only. Do not use this tool on systems you do not own or have explicit permission to test. Unauthorized use is illegal and can result in criminal charges.


License

This project is licensed under the MIT License. See the LICENSE file for details.


