🎯 Deep Dive: Dragonked2’s CVE‑2024‑50379 PoC
The CVE‑2024‑50379‑POC by dragonked2 is a practical Python-based proof of concept demonstrating how to exploit a file-upload vulnerability in misconfigured Apache/Tomcat environments. Below is a breakdown of its design, workflow, and purpose.
🚀 What Is CVE‑2024‑50379?
- Vulnerability class: File upload weakness in Apache-style servlet containers.
- Impact: Allows attackers to upload a JSP shell and run arbitrary OS commands.
- Prerequisites:
  - Writable `/uploads` directory on the server.
  - Misconfigured upload handling or missing directory protections.
🛠️ Components of the Repository
- `LICENSE`
- `README.md`
- `exploit_cve_2024_50379.py`

`LICENSE`: Apache 2.0, free for use and modification.

`README.md`:
- Describes vulnerability background and usage.
- Lists steps to run the PoC.
- Advises ethical usage.

`exploit_cve_2024_50379.py`: Main exploit script, structured as:
- Input gathering and URL normalization.
- Server reachability checks.
- JSP shell upload.
- Interactive shell to execute OS commands.
- Output parsing with basic HTML handling.
🧩 Workflow Overview
- URL Normalization:
  - Ensures a proper scheme (`http://` or `https://`) is used.
- Target Check:
  - Sends GET requests to the base URL and to `/uploads/`.
  - Verifies that the server is up and the directory exists.
- JSP Shell Upload:
  - Prepares the `shell.jsp` payload.
  - Sends it to `/uploads/upload.jsp`.
  - Retries up to 3 times on failure, with a delay between attempts.
- Interactive Command Execution:
  - Accepts user commands.
  - Appends each one as a `cmd` query parameter to the uploaded JSP.
  - Displays plain-text or HTML output accordingly.
🛡️ Security Considerations
- Intended Use: For educational and authorized penetration testing only.
- Assumptions:
  - Server has an unprotected upload endpoint.
  - Uploaded files are accessible via a web path.
- Mitigations:
  - Enforce file validation on upload.
  - Disable unnecessary JSP handlers.
  - Isolate upload directories from public access.
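The two assumptions above translate directly into something a defender can look for in Tomcat access logs: a request that writes a `.jsp` under the upload directory, followed by a request that calls that JSP with a `cmd` query parameter. The following detector is an added example written for this article, not code from the PoC repository; the `/uploads/` path and the `cmd` parameter name are taken from the workflow described above, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample Tomcat access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /uploads/ HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "POST /uploads/upload.jsp HTTP/1.1" 200 0
10.0.0.5 - - [01/Jan/2025:10:00:03 +0000] "GET /uploads/upload.jsp?cmd=id HTTP/1.1" 200 64
10.0.0.9 - - [01/Jan/2025:10:01:00 +0000] "GET /uploads/report.pdf HTTP/1.1" 200 20480
10.0.0.7 - - [01/Jan/2025:10:02:00 +0000] "GET /app/search?cmd=list HTTP/1.1" 200 1024
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
                    r'(?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$')
UPLOAD_DIR = "/uploads/"  # upload path as described in the PoC write-up (assumption)

def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Tag a request that writes a JSP under the upload dir, or calls one with cmd=."""
    parts = urlsplit(entry["target"])
    path = parts.path.lower()          # case-insensitive match on the path
    if not path.startswith(UPLOAD_DIR):
        return None
    is_jsp = path.endswith((".jsp", ".jspx"))
    if is_jsp and entry["method"] in ("PUT", "POST"):
        return "jsp_write"
    if is_jsp and entry["method"] == "GET" and "cmd" in parse_qs(parts.query):
        return "jsp_cmd_exec"
    return None

def detect(log_text):
    """Group hits per client; a JSP write plus a cmd= call from the same client is high severity."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        tag = classify(entry) if entry else None
        if tag:
            hits[entry["ip"]].append((tag, entry["target"], entry["status"]))
    findings = {}
    for ip, events in hits.items():
        tags = {t for t, _, _ in events}
        severity = "high" if {"jsp_write", "jsp_cmd_exec"} <= tags else "medium"
        findings[ip] = {"severity": severity, "events": events}
    return findings

if __name__ == "__main__": print(detect(SAMPLE_LOG))
```

A production rule should treat any JSP written under an upload directory as a finding on its own, since the `cmd` parameter name is specific to this PoC and other web shells use different names.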
✅ Pros & Cons
| Pros | Cons |
|-------------------------------------------------------|--------------------------------------------------------|
| Lightweight, single-script PoC | Requires misconfigured server |
| Interactive shell with retry logic | No support for stealth or obfuscation |
| Good user feedback and simplicity | Limited to JSP/Apache/Tomcat stack |
🧠 Usage Instructions
```shell
git clone https://github.com/dragonked2/CVE-2024-50379-POC.git
cd CVE-2024-50379-POC
pip install requests
python exploit_cve_2024_50379.py
```
- Enter a URL to the vulnerable server (e.g., `localhost:8080`).
- If the upload and shell succeed, you'll be dropped into a prompt.
- Commands like `id`, `whoami`, and `uname -a` will return system output.
🧭 Final Thoughts
Dragonked2’s PoC is a textbook example of how poor file-upload configurations can lead to full remote code execution. While it’s not designed for stealth or mass exploitation, it serves as an effective learning tool and alert for system administrators and web developers alike.
Anyone running Java-based web services—especially on Apache Tomcat—should immediately audit upload paths, restrict access to file directories, and remove any unused servlet handlers to avoid falling victim to similar attacks.