## https://sploitus.com/exploit?id=00A477C5-7473-54FE-964C-9BA127EA474C
# CVE-2024-50379 Proof of Concept (PoC)

This repository contains a proof of concept (PoC) script to exploit **CVE-2024-50379**, a vulnerability in Apache Tomcat. The vulnerability is a Time-of-Check Time-of-Use (TOCTOU) race condition that can lead to remote code execution (RCE) if the server's configuration allows writable directories.

---

## Features

- Uploads a malicious JSP shell to the vulnerable Apache Tomcat server.
- Executes arbitrary system commands via the uploaded shell.
- Demonstrates the exploitation process for CVE-2024-50379.

---

## Requirements

- **Python**: Version 3.x
- **Python Libraries**: `requests`
  - Install using:
    ```bash
    pip3 install requests
    ```

---

## Usage

### 1. Setup Vulnerable Environment

Ensure you have a vulnerable version of Apache Tomcat (e.g., 10.1.33) configured with:
- Writable `/uploads` directory.
- An upload handler JSP file (`upload.jsp`).
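
On the defensive side, the activity listed under Features shows up in the access log as requests for JSP files inside the upload directory. The script below is an added example, not part of this repository's PoC; it assumes Tomcat's `common` access-log pattern and the `/uploads` path from the setup above, and its log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log format: Tomcat AccessLogValve "common" pattern (%h %l %u %t "%r" %s %b).
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
UPLOAD_DIR = "/uploads/"         # upload directory named in the setup section
SCRIPT_EXT = (".jsp", ".jspx")   # matched case-insensitively

# Constructed sample lines, not captured from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 512
203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "POST /upload.jsp HTTP/1.1" 200 64
203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "GET /uploads/report.JSP?x=1 HTTP/1.1" 404 0
203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "GET /uploads/report.JSP?x=1 HTTP/1.1" 200 31
198.51.100.4 - - [10/Jan/2025:10:00:05 +0000] "GET /uploads/logo.png HTTP/1.1" 200 2048
"""


def find_script_hits(log_text):
    """Map (client, path) -> status codes for JSP requests inside the upload dir."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # line is not in the assumed format
        # Drop the query string and any ;path-parameters before testing the name.
        path = m["path"].split("?", 1)[0].split(";", 1)[0]
        lowered = path.lower()
        if UPLOAD_DIR in lowered and lowered.endswith(SCRIPT_EXT):
            hits[(m["host"], path)].append(int(m["status"]))
    return dict(hits)


def served(hits):
    """Entries that were answered with a 2xx status at least once."""
    return sorted(k for k, codes in hits.items() if any(200 <= c < 300 for c in codes))


if __name__ == "__main__":
    found = find_script_hits(SAMPLE_LOG)
    for (client, path), codes in found.items():
        print(f"{client} requested {path}: statuses {codes}")
    print("answered with 2xx:", served(found))
```

An upload directory has no reason to hold JSP files, so every hit is worth triage, and a 2xx answer is the one to escalate first.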


### 2. Run the PoC Script

To run the script, use the following command:
```bash
python3 poc.py <command>