## https://sploitus.com/exploit?id=6C9F3C1D-C8CF-50ED-A7C3-C4EB41A76B58
# Setup for the vulnerable version.
Start the vulnerable container:
```sh
docker compose up
```
Create a listener (e.g. ncat):
```sh
ncat -klnv 1337
```
Run the exploit:
```sh
python3 exploit.py
```
You should receive an HTTP request in the ncat window with the contents of the OS command (`id` by default) if everything worked as expected.
# Credits
+ Vulnerability found by [SeaW1nd](https://twitter.com/SeaW1nd1405)
+ Based on the testing setup by [VickyTheViking](https://github.com/VickyTheViking)