CVE-2024-53677 PoC — Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks

Associated Vulnerability
Title: Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks (CVE-2024-53677)
Description: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe. You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067
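The two conditions in the description (version range and use of the old upload interceptor) can be checked against a deployed application. The sketch below is an added example, not code from this repository or from Apache Struts. It assumes the core library is shipped as `struts2-core-<version>.jar` and that the old and new interceptors carry the names `fileUpload` and `actionFileUpload`; the function names and sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIRST_AFFECTED = (2, 0, 0)   # "from 2.0.0" in the description
FIRST_FIXED = (6, 4, 0)      # "before 6.4.0"
LEGACY_NAME = "fileUpload"   # assumed interceptor name of the old mechanism
LEGACY_CLASS = "org.apache.struts2.interceptor.FileUploadInterceptor"

# Constructed sample configurations (not taken from any real application).
LEGACY_XML = """<struts><package name="app" extends="struts-default">
  <action name="upload" class="example.UploadAction">
    <interceptor-ref name="fileUpload"/>
    <interceptor-ref name="basicStack"/>
  </action>
</package></struts>"""
MIGRATED_XML = LEGACY_XML.replace('"fileUpload"', '"actionFileUpload"')

def core_version(jar_names):
    """Return the struts2-core version as a tuple, or None if no such jar."""
    for name in jar_names:
        m = re.fullmatch(r"struts2-core-(\d+(?:\.\d+)*)\.jar", name)
        if m:
            v = tuple(int(p) for p in m.group(1).split("."))
            return v + (0,) * (3 - len(v))   # pad "6.4" to (6, 4, 0)
    return None

def uses_legacy_upload(struts_xml):
    """True if the config explicitly references the old upload interceptor."""
    for el in ET.fromstring(struts_xml).iter():
        if el.tag == "interceptor-ref" and el.get("name") == LEGACY_NAME:
            return True
        if el.tag == "interceptor" and el.get("class") == LEGACY_CLASS:
            return True
    return False

def assess(jar_names, struts_xml):
    """Classify exposure: affected, review, migrate, ok or unknown."""
    version = core_version(jar_names)
    if version is None:
        return "unknown"
    legacy = uses_legacy_upload(struts_xml)
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        # Inherited interceptor stacks are not resolved here, so the
        # absence of an explicit reference means "review", not "safe".
        return "affected" if legacy else "review"
    return "migrate" if legacy else "ok"

if __name__ == "__main__":
    print(assess(["struts2-core-6.3.0.2.jar"], LEGACY_XML))
```

A `migrate` result means the library is at or past 6.4.0 but the configuration still names the old interceptor, which is the second half of the recommendation in the description.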
Readme
# CVE-2024-53677: Apache Struts path traversal to RCE vulnerability

A critical security vulnerability, identified as CVE-2024-53677, was found in Apache Struts. It allows attackers to manipulate file upload parameters, which can potentially lead to unauthorized path traversal and remote code execution (RCE).


## Usage
Install PIP packages:
```bash
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
```

Then run the exploit script, for example:
```bash
python3 exploit.py --url http://strutted.htb/upload.action
```

Note that the exploit needs a full URL where the file upload functionality is implemented.


## Disclaimer
This exploit script has been created solely for the purposes of research and for the development of effective defensive techniques. It is not intended to be used for any malicious or unauthorized activities. The author and the owner of the script disclaim any responsibility or liability for any misuse or damage caused by this software. Users are urged to use this software responsibly and only in accordance with applicable laws and regulations. Use responsibly.
File Snapshot

```
[4.0K] /data/pocs/17922a0f3848eb173b90fc0ef4f5e0dec22a5e3f
├── [4.0K] exploit
│   ├── [4.3K] exploit.py
│   ├── [1.2K] manual-exploit.md
│   ├── [ 963] requirements.txt
│   ├── [ 528] webshell.jsp
│   └── [ 723] webshell.war
├── [238K] manual-exploit1.png
├── [ 71K] manual-exploit2.png
├── [1.4K] manual-exploit.md
└── [1.1K] README.md

1 directory, 9 files
```