cve-2017-5638 Vulnerable site sample

This project aims to demonstrate the CVE-2017-5638 exploitation for educational purpose. For more informations, see https://cwiki.apache.org/confluence/display/WW/S2-045

This project is made for educational and ethical testing purposes only. Attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

1. Start the docker container :

docker run -d -p 8080:8080 jrrdev/cve-2017-5638:latest

2. Download the exploit script on the attacker machine here

3. Run the python exploit script from the attacker machine :

python exploit.py http://<DOCKER_HOST>:8080/hello "ls -l"