Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-50164 PoC — Apache Struts: File upload component had a directory traversal vulnerability

Source
https://github.com/minhbao15677/CVE-2023-50164
Associated Vulnerability
Title:Apache Struts: File upload component had a directory traversal vulnerability (CVE-2023-50164)
Description:An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Readme
# CVE-2023-50164: Analysis Apache Struts path traversal to RCE vulnerability

## 1. Setup Debug Environment
### 1.1. Create Struts WebApp
- Create Java Web Application project use Maven: ```mvn archetype:generate -DgroupId=com.example -DartifactId=my-webapp -DarchetypeArtifactId=maven-archetype-webapp```
- 
### 1.2. Debug Tomcat 

## 2. Analysis CVE-2023-50164
File Snapshot

 [4.0K]  /data/pocs/8538037767c6666bffa09aa7e55646163716becf
└── [ 363]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →