Apache Pluto RCE
Bookmarked!This exercise covers how to gain code execution on Apache Pluto 3.0.0 due to a flaw in the authorization logic
In this course, we delve into CVE-2018-1306, a vulnerability found in Apache Pluto 3.0.0. The vulnerability arises from multiple issues, including inadequate access control and the ability to upload files with dangerous extensions. The primary issue stems from the way access control is defined, allowing certain HTTP methods like HEAD
to bypass restrictions set for methods like GET
and POST
. This loophole can be exploited to upload a malicious JSP webshell, which can then be used to execute arbitrary commands on the server.
The course walks through the process of building and uploading a webshell using a multipart request. By exploiting the misconfiguration in access control, the attacker can upload a JSP file to a specific directory and subsequently execute commands. This exercise demonstrates how common misconfigurations in Java applications can lead to severe security vulnerabilities, emphasizing the importance of thorough access control definitions.