CVE-2011-10007

HIGH

File::Find::Rule <= 0.34 - OS Command Injection via Crafted Filename in grep()

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-10007. PoCs published by manus-use.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2017-12617, demonstrating remote code execution on an Apache Tomcat server via a PUT request to upload a web shell. It includes a Dockerized victim environment and an attack script to automate the exploitation process.

Description

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \ -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)

Exploits (1)

github WORKING POC

by manus-use · postscriptpoc

https://github.com/manus-use/cve-pocs/tree/main/file-find-rule-CVE-2011-10007

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2017-12617, demonstrating remote code execution on an Apache Tomcat server via a PUT request to upload a web shell. It includes a Dockerized victim environment and an attack script to automate the exploitation process.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Apache Tomcat 9.0.11

No auth needed

Prerequisites: Docker · curl · network access to target

MITRE ATT&CK