## https://sploitus.com/exploit?id=00A477C5-7473-54FE-964C-9BA127EA474C
# CVE-2024-50379 Proof of Concept (PoC)
This repository contains a proof of concept (PoC) script to exploit **CVE-2024-50379**, a vulnerability in Apache Tomcat. The vulnerability is a Time-of-Check Time-of-Use (TOCTOU) race condition that can lead to remote code execution (RCE) if the server's configuration allows writable directories.
---
## Features
- Uploads a malicious JSP shell to the vulnerable Apache Tomcat server.
- Executes arbitrary system commands via the uploaded shell.
- Demonstrates the exploitation process for CVE-2024-50379.
---
## Requirements
- **Python**: Version 3.x
- **Python Libraries**: `requests`
  - Install using:
    ```bash
    pip3 install requests
    ```
---
## Usage
### 1. Setup Vulnerable Environment
Ensure you have a vulnerable version of Apache Tomcat (e.g., 10.1.33) configured with:
- A writable `/uploads` directory.
- An upload handler JSP file (`upload.jsp`).
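For defenders reproducing this lab, the upload-then-execute sequence listed under Features leaves a recognisable trail in the Tomcat access log. The following is an added example, not part of the PoC repository: it flags JSP requests under `/uploads` and correlates them with earlier successful calls to `upload.jsp` from the same client. The log format (AccessLogValve `common` pattern), the function name `find_suspicious` and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# Paths assumed from the lab setup on this page: upload.jsp and /uploads.
UPLOAD_HANDLER = re.compile(r'/upload\.jsp$', re.IGNORECASE)
# JSP or JSPX requested from the writable directory, in any letter case.
SERVED_JSP = re.compile(r'/uploads/(?:.*/)?[^/]+\.jspx?$', re.IGNORECASE)

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jan/2025:10:00:01 +0000] "POST /upload.jsp HTTP/1.1" 200 57
192.0.2.10 - - [10/Jan/2025:10:00:02 +0000] "GET /uploads/report.jsp HTTP/1.1" 200 312
198.51.100.7 - - [10/Jan/2025:10:01:00 +0000] "GET /uploads/photo.png HTTP/1.1" 200 20480
198.51.100.7 - - [10/Jan/2025:10:02:00 +0000] "GET /uploads/a.JSP HTTP/1.1" 404 0
"""


def find_suspicious(lines):
    """Return (host, timestamp, path, reason) for JSP requests under /uploads."""
    uploaders = set()   # hosts that successfully called the upload handler
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue    # not in the expected access-log format
        # Drop query string and ;path parameters, then percent-decode.
        path = unquote(m['uri'].split('?', 1)[0].split(';', 1)[0])
        ok = int(m['status']) < 400
        if m['method'] in ('POST', 'PUT') and UPLOAD_HANDLER.search(path) and ok:
            uploaders.add(m['host'])
        elif SERVED_JSP.search(path):
            if ok and m['host'] in uploaders:
                reason = 'upload-then-execute'
            elif ok:
                reason = 'jsp-served-from-upload-dir'
            else:
                reason = 'jsp-probe-in-upload-dir'
            findings.append((m['host'], m['ts'], path, reason))
    return findings


if __name__ == '__main__':
    for finding in find_suspicious(SAMPLE_LOG.splitlines()):
        print(*finding, sep='  ')
```

Any finding is worth triage, since a directory that accepts uploads should never serve a JSP at all.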
### 2. Run the PoC Script
To run the script, use the following command:
```bash
python3 poc.py <command>