CVE-2017-5638 PoC — Apache Struts 2 输入验证错误漏洞

Source

https://github.com/xsscx/cve-2017-5638

Associated Vulnerability

Title:Apache Struts 2 输入验证错误漏洞 (CVE-2017-5638)
Description:The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

Description

Example PoC Code for CVE-2017-5638 | Apache Struts Exploit

Readme

# CVE-2017-5638 PoC Code in Python | DORK: ext:action
Example PoC Code for CVE-2017-5638 | Apache Struts Exploit | DORK: ext:action

USAGE: python struts.py https://victim.site dir

The initial Python Script that was Posted didn't correctly format the Content-Type Header.
I recoded the Content Type Header to properly format Content-Type:%20{Exploit}.
I also added a logging and Requests, then dumped the Object Properties to stdout.

SAMPLE OUTPUT

Check for CVE-2017-5638 by XSS.Cx

Volume in drive D has no label.
Volume Serial Number is 2A7B-A245
Directory of d:\Program Files\Apache Software Foundation\Tomcat 9.0

File Snapshot


 [4.0K]  /data/pocs/3f98e8628106ce4f6d79becd12e1dd4dd5a1b666
├── [ 931]  curl-poc-for-cve-2017-5638.txt
├── [3.0K]  cve-2017-5638.py
├── [ 99K]  example-exploit-catalina-dump-file-example-public-domain-logfile.txt
├── [ 954]  one-line-poc.py
├── [ 620]  README.md
└── [2.9K]  sample-output.txt

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!