CVE-2019-0230 PoC — Apache Struts 代码执行漏洞

Source

https://github.com/Al1ex/CVE-2019-0230

Associated Vulnerability

Title:Apache Struts 代码执行漏洞 (CVE-2019-0230)
Description:Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

Description

S2-059(CVE-2019-0230)

Readme

## What's this
This is a Simple test Project for S2-059 which can be used to analysis the detail of this vulnerability.

## How to use 

Step 1:Use IDEA  import this project

Step 2:setup tomcat Server

Step 3:Use browser access "http://ip:port/SimpleStruts_war_exploded/S2059?id=%25{8*8}"

![CVE-2019-0230](image/poc.jpg)

### How to Exploit

~~~
python2 CVE-2019-0230.py
~~~

![CVE-2019-0230](image/CVE-2019-0230.jpg)

File Snapshot


 [4.0K]  /data/pocs/c47be92a2308bcaab36d571104d9114a5f980ed2
├── [4.0K]  CVE-2019-0230
│   ├── [2.4K]  pom.xml
│   ├── [ 360]  SimpleStruts.iml
│   └── [4.0K]  src
│       └── [4.0K]  main
│           ├── [4.0K]  java
│           │   └── [4.0K]  org
│           │       └── [4.0K]  heptagram
│           │           └── [4.0K]  action
│           │               └── [ 345]  IndexAction.java
│           ├── [4.0K]  resources
│           │   └── [ 550]  struts.xml
│           └── [4.0K]  webapp
│               ├── [  91]  index.jsp
│               ├── [ 270]  S2059.jsp
│               └── [4.0K]  WEB-INF
│                   └── [ 501]  web.xml
├── [ 702]  CVE-2019-0230.py
├── [4.0K]  image
│   ├── [260K]  CVE-2019-0230.jpg
│   └── [ 45K]  poc.jpg
└── [ 440]  README.md

11 directories, 11 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!