Associated vulnerability
Title:
Apache Tomcat security vulnerability
(CVE-2024-50379)
Description: Apache Tomcat is a lightweight web application server from the Apache Software Foundation (US) that implements support for Servlets and JavaServer Pages (JSP). Apache Tomcat contains a security vulnerability. An attacker who exploits it can execute code remotely on case-insensitive file systems. The following versions are affected: 11.0.0-M1 to 11.0.1, 10.1.0-M1 to 10.1.33, and 9.0.0.M1 to 9.0.97.
Description
This repository contains a Python script designed to exploit CVE-2024-50379, a vulnerability that allows attackers to upload a JSP shell to a vulnerable server and execute arbitrary commands remotely. This exploit is particularly useful when the /uploads directory is either unprotected or not present on the target server.
Introduction
# CVE-2024-50379-POC
This repository contains a Python script designed to exploit **CVE-2024-50379**, a vulnerability that allows attackers to upload a JSP shell to a vulnerable server and execute arbitrary commands remotely. This exploit is particularly useful when the `/uploads` directory is either unprotected or missing on the target server.
---
## Overview
**CVE-2024-50379** is a vulnerability affecting servers that improperly handle file uploads, enabling an attacker to upload a JSP shell. This shell can then be used to execute arbitrary commands remotely. The provided Python script automates this process by uploading the shell to a vulnerable server and allowing interaction with the server through a command-line interface.
---
## Prerequisites
Before running the script, ensure that you have the following installed:
- Python 3.6+ (Recommended)
- `requests` library. Install it using pip:
```bash
pip install requests
```
---
## Vulnerable Systems
The exploit targets systems running **Apache Tomcat** or similar servers that fail to properly secure their file upload functionality or have misconfigured `/uploads` directories.
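As an added defender-side example (not part of this repository or of the catalogue page), the function below checks a Tomcat version string against the affected ranges given in the advisory description at the top of this page: 11.0.0-M1 to 11.0.1, 10.1.0-M1 to 10.1.33 and 9.0.0.M1 to 9.0.97. Milestone releases sort before the final release with the same number, and both spellings that appear on the page (`10.1.0-M1` and `9.0.0.M1`) are accepted. The banner regex assumes Tomcat's default error page, which prints `Apache Tomcat/<version>`; all sample version strings are constructed.

```python
import re
from typing import Optional, Tuple

# Affected version ranges (inclusive) exactly as stated in the advisory text on this page.
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.1"),
    ("10.1.0-M1", "10.1.33"),
    ("9.0.0.M1", "9.0.97"),
]

# major.minor.patch with an optional milestone written as "-M<n>" or ".M<n>".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")
# Default Tomcat error pages print "Apache Tomcat/<version>" (assumption: defaults unchanged).
_BANNER_RE = re.compile(r"Apache Tomcat/(\d+\.\d+\.\d+(?:[.-]M\d+)?)")

VersionKey = Tuple[int, int, int, int, int]


def parse_version(version: str) -> VersionKey:
    """Turn a Tomcat version string into a sortable tuple.

    The fourth element is 1 for a final release and 0 for a milestone, so that
    10.1.0-M1 < 10.1.0 holds; the fifth element orders milestones among themselves.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version: str) -> bool:
    """True if the version falls inside one of the ranges listed on this page."""
    key = parse_version(version)
    return any(parse_version(lo) <= key <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def version_from_banner(text: str) -> Optional[str]:
    """Extract the version from text such as a default Tomcat error page body."""
    m = _BANNER_RE.search(text)
    return m.group(1) if m else None


if __name__ == "__main__":
    # Constructed sample inputs; not output from any real server.
    samples = ["9.0.97", "9.0.98", "10.1.0-M1", "10.1.33", "10.1.34",
               "11.0.0-M1", "11.0.1", "11.0.2", "8.5.100"]
    for v in samples:
        verdict = "affected" if is_affected(v) else "not in the listed ranges"
        print(f"{v:>10}: {verdict}")
    banner = "<h3>Apache Tomcat/9.0.96</h3>"  # constructed error-page fragment
    found = version_from_banner(banner)
    print(f"banner version {found}: affected={is_affected(found) if found else None}")
```

Versions outside the three listed ranges (for example the 8.5.x line) are reported as "not in the listed ranges" rather than "safe", because the check only encodes what the advisory text on this page states.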
> **Important:** This tool should only be used in controlled environments such as penetration testing with permission or for educational purposes. Unauthorized use of this tool may be illegal and unethical.
---
## Features
- **Automatic URL Formatting:** The tool automatically prepends `http://` to URLs without a scheme.
- **Graceful Handling of Missing `/uploads` Directory:** If the `/uploads` directory is not found, the tool continues attempting the shell upload.
- **Retry Logic:** Includes retries for failed uploads and command executions with exponential backoff to handle server/network issues.
- **HTML Output Parsing:** If the command output contains HTML, the tool attempts to extract useful information, such as the title of the page.
- **Interactive CLI:** A user-friendly command-line interface for interacting with the server after shell upload.
---
## Usage
### Step 1: Clone the repository
Clone the repository to your local machine:
```bash
git clone https://github.com/dragonked2/CVE-2024-50379-POC.git
cd CVE-2024-50379-POC
```
### Step 2: Install dependencies
Ensure you have the required Python libraries installed:
```bash
pip install requests
```
### Step 3: Run the script
Run the script with the following command:
```bash
python exploit_cve_2024_50379.py
```
### Step 4: Enter the base URL
The script will prompt you to enter the base URL of the vulnerable server (e.g., `http://localhost:8080`). If the URL does not include `http://` or `https://`, it will automatically add `http://`.
### Step 5: Upload the shell and execute commands
Once the JSP shell is uploaded successfully, you can interactively enter commands to execute on the server. The script will display the output.
Example interaction:
```bash
[+] Enter the base URL (e.g., localhost:8080): http://127.0.0.1:8080
[+] Checking server accessibility...
[+] /uploads directory not found (404), but continuing with upload attempt...
[+] Attempting to upload shell (Attempt 1/3)...
[+] Shell uploaded successfully! Check the URL: http://127.0.0.1:8080/uploads/shell.jsp
[+] Enter the command to execute on the server (or 'exit' to quit): whoami
[+] Executing command: whoami
[+] Command output:
root
```
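The interaction above leaves a recognisable trail in the Tomcat access log. As an added example, written for this page and not part of the repository, the Python below runs a simple detection rule over constructed log lines in Tomcat's default "common" access-log pattern (`%h %l %u %t "%r" %s %b`): it flags PUT or POST requests whose path ends in `.jsp` (compared case-insensitively, since the advisory description ties the issue to case-insensitive file systems) and any later GET of a path that was written that way. The client addresses, timestamps and the `/uploads/shell.jsp` path are constructed; the path mirrors the URL printed in the README's example interaction.

```python
import re
from typing import Dict, List

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
_LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)$'
)
WRITE_METHODS = {"PUT", "POST"}

# Constructed sample log; the addresses, times and status codes are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Dec/2024:10:15:30 +0000] "GET /uploads/ HTTP/1.1" 404 -',
    '10.0.0.5 - - [18/Dec/2024:10:15:32 +0000] "PUT /uploads/shell.jsp HTTP/1.1" 201 -',
    '10.0.0.5 - - [18/Dec/2024:10:15:35 +0000] "GET /uploads/shell.jsp HTTP/1.1" 200 5',
    '192.168.1.20 - - [18/Dec/2024:10:16:01 +0000] "GET /index.jsp HTTP/1.1" 200 1234',
    '10.0.0.5 - - [18/Dec/2024:10:16:10 +0000] "PUT /uploads/Shell.JSP HTTP/1.1" 201 -',
    'this line is not in the expected format',
]


def parse_line(line: str) -> Dict[str, str]:
    """Parse one common-format line; return {} for lines that do not match."""
    m = _LOG_RE.match(line.strip())
    if not m:
        return {}
    rec = m.groupdict()
    # Drop any query string: only the path decides whether a JSP file is involved.
    rec["path"] = rec["target"].split("?", 1)[0]
    return rec


def is_jsp_path(path: str) -> bool:
    """Case-insensitive extension check, since Shell.JSP and shell.jsp are the
    same file on a case-insensitive file system."""
    return path.lower().endswith(".jsp")


def detect(lines: List[str]) -> List[Dict[str, str]]:
    """Return one alert per suspicious request, in log order.

    jsp_write: a write method (PUT/POST) targeting a .jsp path, whatever the status.
    webshell_access: a GET of a path previously seen in a jsp_write alert.
    """
    alerts: List[Dict[str, str]] = []
    written = set()  # lower-cased .jsp paths seen in write requests
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue
        path = rec["path"]
        if rec["method"] in WRITE_METHODS and is_jsp_path(path):
            written.add(path.lower())
            alerts.append({"kind": "jsp_write", "host": rec["host"], "path": path,
                           "status": rec["status"], "time": rec["time"]})
        elif rec["method"] == "GET" and path.lower() in written:
            alerts.append({"kind": "webshell_access", "host": rec["host"], "path": path,
                           "status": rec["status"], "time": rec["time"]})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"[{a['time']}] {a['kind']:16} {a['host']:14} {a['path']} ({a['status']})")
```

Write attempts are reported regardless of the response status: a 403 or 404 on a PUT of a `.jsp` file is still evidence of an upload attempt and worth correlating with the advisory's version ranges, and the write-then-GET sequence is the same pattern the README's example interaction produces.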
### Step 6: Exit the tool
Type `exit` to exit the tool after completing your interactions.
---
## Error Handling and Retries
The tool includes robust error handling for common issues such as:
- Server unavailability or network issues.
- Failed JSP shell upload attempts.
- Command execution failures.
Failed operations will automatically be retried up to three times with a 2-second delay between attempts. If an operation fails after retries, an error message will be displayed.
---
## Contributing
Contributions are welcome! If you find bugs or have suggestions for improvements, feel free to open an issue or submit a pull request.
### How to Contribute:
1. Fork the repository.
2. Create a new branch.
3. Make your changes and test them.
4. Open a pull request with a description of the changes.
---
## Disclaimer
This tool is intended for educational and penetration testing purposes only. Do not use this tool on systems you do not own or have explicit permission to test. Unauthorized use is illegal and can result in criminal charges.
---
## License
This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
File snapshot
[4.0K] /data/pocs/884bf39a818826bdb0667b687219f5bff08f3856
├── [6.6K] exploit_cve_2024_50379.py
├── [ 11K] LICENSE
└── [4.8K] README.md
0 directories, 3 files
Notes
1. It is recommended to access the original source first.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.