## https://sploitus.com/exploit?id=2AE26473-AEE2-5386-9DA9-C8331E3CAD06
# Apache Tomcat CVE-2024-50379

## Overview
This Proof of Concept (PoC) supports single and multiple target URLs. It checks whether the target accepts PUT requests and has a writable directory. If so, the script exploits the target by uploading a built-in JSP web shell. If the upload succeeds, the shell is accessible at `/poc.jsp?cmd=<command>`.
This was inspired by the original Go script from [SleepingBag945/CVE-2024-50379](https://github.com/SleepingBag945/CVE-2024-50379).
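
For defenders, the sequence described above (a PUT that writes a JSP file, then a request to that file with a `cmd` parameter) is visible in Tomcat access logs. The following detection sketch is an added example, not part of this repository; the log lines are constructed and it assumes Tomcat's `common` access-log pattern.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Tomcat's "common" access-log pattern (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Dec/2024:10:01:02 +0000] "PUT /poc.jsp HTTP/1.1" 201 -
203.0.113.7 - - [18/Dec/2024:10:01:03 +0000] "GET /poc.jsp?cmd=id HTTP/1.1" 200 52
198.51.100.4 - - [18/Dec/2024:10:02:10 +0000] "GET /index.jsp HTTP/1.1" 200 1120
198.51.100.9 - - [18/Dec/2024:10:03:00 +0000] "PUT /docs/readme.txt HTTP/1.1" 403 -
192.0.2.15 - - [18/Dec/2024:10:04:00 +0000] "PUT /uploads/a.JSP HTTP/1.1" 204 -
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
JSP_RE = re.compile(r"\.jspx?$", re.IGNORECASE)  # match .jsp/.jspx in any letter case

def parse(line):
    """Split one access-log line into the fields the detection needs."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, ts, method, target, status = m.groups()
    url = urlsplit(target)
    return {"ip": ip, "ts": ts, "method": method, "path": url.path,
            "query": parse_qs(url.query, keep_blank_values=True),
            "status": int(status)}

def find_suspect_activity(log_text):
    """Flag JSP writes via PUT and later successful requests to those files."""
    findings, written = [], set()
    for line in log_text.splitlines():
        e = parse(line)
        if e is None:
            continue
        key = e["path"].lower()  # compare paths case-insensitively
        if e["method"] == "PUT" and JSP_RE.search(e["path"]):
            accepted = e["status"] in (201, 204)  # created / overwritten
            if accepted:
                written.add(key)
            kind = "jsp_put_accepted" if accepted else "jsp_put_rejected"
            findings.append((kind, e["ip"], e["path"]))
        elif key in written and e["status"] == 200:
            kind = ("uploaded_jsp_requested_with_cmd" if "cmd" in e["query"]
                    else "uploaded_jsp_requested")
            findings.append((kind, e["ip"], e["path"]))
    return findings

if __name__ == "__main__":
    for finding in find_suspect_activity(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Any `jsp_put_accepted` finding means the default servlet is accepting writes, which only happens when its `readonly` init-param has been set to `false`; leaving it at the default of `true` removes the upload path.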

## Usage

### `poc.py`
- `-u` for a single target.
- `-t` for multiple targets in a text file.
- `-p` for the path to upload the web shell to. This is optional; the default is `/poc.jsp`.
- `-h` for help.

### Nuclei Template
- The `tomcat-cve-2024-50379.yaml` nuclei template is included in this repository.
- To use: `nuclei -t tomcat-cve-2024-50379.yaml -l urls.txt`.
- The template assumes that `/` is the writable directory. Feel free to modify the template to suit your needs.

## Need Help?
- Twitter: [@mohamednab1l](https://x.com/@mohamednab1l)
- GitHub: [bigb0x/CVE-2024-50379](https://github.com/bigb0x/CVE-2024-50379)