Apache Pluto RCE

Bookmarked!

This exercise covers how to gain code execution on Apache Pluto 3.0.0 due to a flaw in the authorization logic

PRO Medium < 1 Hr. 556 Brown Badge

Course

This course explores the exploitation of a vulnerability in Apache Pluto 3.0.0, specifically CVE-2018-1306. The vulnerability allows an attacker to upload a webshell by manipulating the HTTP method, bypassing access controls.

Skills covered

Injection Authentication Operating System Network

CWE-200

Included with PRO

Full course content 1 video Common mistakes

Ready to practice?

Get access to this lab and 600+ hands-on exercises with a PRO subscription.

Go PRO or create a free account