Apache Pluto RCE

This exercise covers how you can gain code execution in Apache Pluto 3.0.0 due to an issue in the authorisation logic.


Course


In this course, we delve into CVE-2018-1306, a vulnerability found in Apache Pluto 3.0.0. The vulnerability arises from multiple issues, including inadequate access control and the ability to upload files with dangerous extensions. The primary issue stems from the way access control is defined, allowing certain HTTP methods like `HEAD` to bypass restrictions set for methods like `GET` and `POST`. This loophole can be exploited to upload a malicious JSP webshell, which can then be used to execute arbitrary commands on the server.

The course walks through the process of building and uploading a webshell using a multipart request. By exploiting the misconfiguration in access control, the attacker can upload a JSP file to a specific directory and subsequently execute commands. This exercise demonstrates how common misconfigurations in Java applications can lead to severe security vulnerabilities, emphasizing the importance of thorough access control definitions.
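
A defensive check for the access-control gap described above, as an added example that is not code from the course or from Apache Pluto. It assumes the restrictions are written as servlet `security-constraint` elements in a `web.xml` descriptor; the descriptor, the `/portal/*` pattern and the `admin` role are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (assumption: not Apache Pluto's actual web.xml).
WEAK_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>portal</web-resource-name>
      <url-pattern>/portal/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Hardened form: no <http-method> list, so the constraint covers every method.
FIXED_WEB_XML = WEAK_WEB_XML.replace(
    "      <http-method>GET</http-method>\n      <http-method>POST</http-method>\n", "")

STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

def local(tag):
    """Strip the XML namespace so the check works on any descriptor version."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def uncovered_methods(web_xml):
    """Return [(url_pattern, uncovered methods)] for constraints that require
    a role but enumerate only some HTTP methods."""
    root = ET.fromstring(web_xml)
    # Servlet 3.1+: this element makes the container reject unlisted methods.
    if children(root, "deny-uncovered-http-methods"):
        return []
    findings = []
    for constraint in children(root, "security-constraint"):
        if not children(constraint, "auth-constraint"):
            continue  # no role required, nothing to bypass
        for coll in children(constraint, "web-resource-collection"):
            listed = {m.text.strip().upper() for m in children(coll, "http-method")}
            if not listed:
                continue  # no list: every method is covered
            missing = sorted(STANDARD_METHODS - listed)
            for pat in children(coll, "url-pattern"):
                findings.append((pat.text.strip(), missing))
    return findings
```

The check covers only the enumerated `<http-method>` case; constraints that use `<http-method-omission>` need a separate pass.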
