CVE-2024-50379

This repository contains a proof-of-concept exploit for CVE-2024-50379, which appears to be a vulnerability allowing arbitrary file uploads to a target server. The exploit uploads a JSP shell file to the server, enabling remote code execution.

This Go-based PoC exploits a race condition in Apache Tomcat (CVE-2024-50379) to achieve RCE by concurrently sending PUT and GET requests to create a malicious JSP file. The payload executes a command to write a demo file to the web root.

The repository contains functional exploit code for CVE-2024-50379, targeting Apache Tomcat with a command execution vulnerability. The PoC demonstrates session creation and command execution via crafted HTTP requests.

This PoC exploits a race condition in Apache Tomcat (CVE-2024-50379) to achieve RCE by concurrently sending PUT requests with JSP payloads and GET requests to trigger execution. The script uses threading to maximize the chance of exploiting the race condition.

This repository contains a Proof of Concept (POC) for CVE-2024-50379, a TOCTOU race condition vulnerability in Apache Tomcat that can lead to Remote Code Execution (RCE) on case-insensitive file systems like Windows.

This repository contains a Python script designed to exploit CVE-2024-50379, a vulnerability that allows attackers to upload a JSP shell to a vulnerable server and execute arbitrary commands remotely. The exploit targets systems running Apache Tomcat or similar servers with misconfigured file upload functionality.

This is a Nuclei template designed to detect Apache Tomcat servers vulnerable to CVE-2024-50379, a TOCTOU race condition leading to RCE. The template requires manual adjustment of the upload endpoint and is intended for authorized testing.

This repository contains a Python script that exploits CVE-2024-50379, a vulnerability allowing JSP shell uploads to execute arbitrary commands on vulnerable servers. The exploit automates the upload process and provides a terminal interface for command execution.

This repository provides a detailed writeup and conceptual proof-of-concept for CVE-2024-50379, a TOCTOU race condition vulnerability in Apache Tomcat that can lead to RCE on case-insensitive file systems. It describes the exploitation steps but does not include actual exploit code.

This PoC exploits CVE-2024-50379, a race condition vulnerability in Apache Tomcat, to achieve remote code execution (RCE) by writing arbitrary JSP files. It uses concurrent requests to bypass restrictions and create malicious JSP files (e.g., 2.jsp) that can execute arbitrary code.

This PoC exploits a race condition vulnerability (CVE-2024-50379) to achieve remote code execution by writing a malicious JSP file to the target server. It uses concurrent PUT and GET requests to trigger the vulnerability and includes a customizable JSP payload for execution.

This PoC exploits a TOCTOU (Time-of-Check Time-of-Use) race condition in Apache Tomcat to achieve RCE by uploading a malicious JSP file containing a reverse shell payload. The exploit uses concurrent requests to bypass file extension checks.

This PoC exploits CVE-2024-50379 by uploading a malicious JSP payload to a vulnerable endpoint via HTTP PUT, then triggering it to execute arbitrary commands (e.g., 'whoami'). The script supports single or bulk target scanning with threading.

This repository contains functional exploit code for CVE-2024-50379, targeting Apache Tomcat. The PoC includes a Dockerized vulnerable environment and an exploit script that demonstrates remote code execution via file upload.

This PoC exploits CVE-2024-50379 in Apache Tomcat by leveraging PUT method to upload a JSP webshell, enabling remote command execution. It includes a multi-threaded approach to bypass potential mitigations and validate successful exploitation.

This PoC exploits CVE-2024-50379, a TOCTOU race condition in Apache Tomcat, by uploading a malicious JSP shell to a writable directory and executing arbitrary commands. The script demonstrates RCE via a crafted JSP file.

This exploit targets CVE-2024-50379, a race condition vulnerability in Apache Tomcat, allowing arbitrary file upload and remote code execution (RCE) via JSP file manipulation. The PoC uses concurrent requests to exploit the condition and achieve RCE.