Some-PoC-oR-ExP

This repository is an offensive tool for collecting or writing various vulnerability POCs and exploits. The primary vulnerability targeted by the provided code is CNVD-2020-10487, a Tomcat-Ajp LFI Local File Inclusion vulnerability. The tool is designed to exploit this vulnerability to gain...

Some-PoC-oR-ExP

This repository is an offensive tool for collecting or writing various vulnerability PoCs proofs of concept and exploits. The primary vulnerability targeted by the code is CNVD-2020-10487, a Tomcat-Ajp local file inclusion LFI vulnerability. The tool is designed to exploit this vulnerability to...

Some-PoC-oR-ExP

This repository is an offensive tool for collecting or writing various vulnerability PoCs proofs of concept and exploits. The primary vulnerability targeted by the code is a remote code execution RCE vulnerability in Apache Tomcat, identified as CNVD-2020-10487. The exploit is implemented in Pyth...

Apache Tomcat - AJP 'Ghostcat File Read/Inclusion

!/usr/bin/env python CNVD-2020-10487 Tomcat-Ajp lfi by ydhcui import struct Some references: https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html def packstrings: if s is None: return struct.pack"h", -1 l = lens return struct.pack"H%dsb" % l, l, s.encode'utf8', 0 def unpackstream, fmt: size ...