CVE-2018-1335

This Metasploit module exploits a command injection vulnerability in Apache Tika 1.15-1.17 on Windows by leveraging a malformed image/jp2 file and OCR parameters to execute arbitrary JScript code. It uses a PUT request with crafted headers to trigger the payload, achieving remote code execution.

This PoC exploits CVE-2018-1335 in Apache Tika-server by sending a malicious HTTP PUT request with crafted headers and a JScript payload to achieve remote command execution. The exploit leverages the Tesseract OCR feature to execute arbitrary commands via WScript.Shell.

The repository contains only a README file with minimal information about CVE-2018-1335, lacking any exploit code or technical details. No functional PoC or exploit logic is present.

This repository contains a detailed writeup and exploit code for CVE-2018-1335, a command injection vulnerability in Apache Tika-server versions 1.7 to 1.17. The exploit leverages unsanitized user input in HTTP headers to execute arbitrary commands on the target system.

This is a functional PoC for CVE-2018-1335, exploiting a remote code execution vulnerability in Apache Tika-server versions < 1.18 via malicious headers and JScript payloads. The exploit leverages the Tika server's OCR feature to execute arbitrary commands.

This exploit leverages CVE-2018-1335, a command injection vulnerability in Apache Tika, by manipulating headers to execute arbitrary commands via JScript. The PoC sends a crafted PUT request to the Tika server's /meta endpoint with malicious headers and payload.

This exploit leverages CVE-2018-1335, a command injection vulnerability in Apache Tika, by sending a malicious HTTP PUT request with crafted headers and a JScript payload to execute arbitrary commands on the target system.

This Metasploit module exploits a command injection vulnerability in Apache Tika 1.15-1.17 on Windows by leveraging a maliciously crafted JP2 file and JScript payload to achieve remote code execution via the OCR feature.