# PoC: Apache Struts2 CVE-2017-5638 (Safe Educational Demo)
## 📌 Overview
This project is a **Proof-of-Concept (PoC)** for **CVE-2017-5638**, a widely exploited Apache Struts2 vulnerability that let unauthenticated remote attackers execute arbitrary code on affected servers.
⚠️ This repository contains a **safe, non-exploitative demo** designed for **educational purposes only**. The probe it sends has no effect on the target beyond adding one harmless response header; it does not run commands, read files, or modify data.
---
## 🔎 About the Vulnerability
- **CVE ID**: [CVE-2017-5638](https://nvd.nist.gov/vuln/detail/CVE-2017-5638) (Apache advisory S2-045)
- **Type**: Remote Code Execution (RCE), no authentication required
- **Component**: Apache Struts2 (Jakarta Multipart Parser)
- **Affected / fixed versions**: Struts 2.3.5 through 2.3.31 and 2.5 through 2.5.10; fixed in 2.3.32 and 2.5.10.1
- **Root Cause**: when the Jakarta multipart parser rejected a malformed `Content-Type` header, it built an error message that included the attacker-controlled header value, and Struts then evaluated that message as **OGNL** (Object-Graph Navigation Language). Any OGNL expression placed in the header was therefore executed on the server.
---
## 🛠️ How This PoC Works
This script demonstrates how an attacker might *test* for the vulnerability, but in a **harmless way**.
- It sends a request whose `Content-Type` header is not a media type at all but an OGNL expression.
- Instead of running operating-system commands, the expression asks the Struts response object to add a custom header (`X-Vuln: Vulnerable`) to the server's response.
- If that header appears in the response, the server evaluated attacker-supplied OGNL and is **vulnerable**.
- If the header does not appear, the target is **not necessarily patched**: a WAF may have dropped the request, the URL may not be handled by Struts at all, or the response may have been rewritten by a proxy. Absence of the header is not proof of safety.
"Safe" here means the side effect is benign; the server still evaluates code taken from the header, so run this only against systems you are authorized to test.
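The probe above sends OGNL where a media type belongs, which is also exactly what a defender should look for. The following is an added example (not the project's `struts2_poc.py` and not code from the original page) covering both the root-cause section and the PoC description: it parses the `Content-Type` header out of captured HTTP request heads, flags values that contain OGNL markers or do not parse as a media type, and checks a response header map for the probe's `X-Vuln` side effect. The request samples are constructed for the demo; the OGNL sample only mirrors the shape of the header-adding probe described above and is not tuned to any particular Struts version.

```python
"""
Defender-side check for CVE-2017-5638 probes.

Added example for this README, not the project's struts2_poc.py. Inspects the
Content-Type header of raw HTTP request heads and flags values that carry OGNL
instead of a well-formed media type. All sample requests are constructed.
"""
import re
from typing import List, Optional, Tuple

# RFC 7230 token characters. A media type is  token "/" token  followed by
# zero or more  ";" token "=" (token | quoted-string)  parameters.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_PARAM = rf"\s*;\s*{_TOKEN}=(?:{_TOKEN}|\"(?:[^\"\\]|\\.)*\")"
_MEDIA_TYPE_RE = re.compile(rf"^\s*{_TOKEN}/{_TOKEN}(?:{_PARAM})*\s*$")

# Substrings that never belong in a media type but do appear in Struts OGNL payloads.
OGNL_MARKERS = (
    "%{", "${",                 # OGNL expression delimiters
    "#_memberAccess",           # sandbox object that public payloads replace
    "@ognl.OgnlContext@",       # static access to the OGNL context class
    "ServletActionContext",     # route to the servlet response (e.g. addHeader)
    "ProcessBuilder",           # command execution in weaponised payloads
)


def parse_content_type(raw_request: str) -> Optional[str]:
    """Return the Content-Type value from a raw HTTP request head, or None if absent."""
    lines = raw_request.split("\r\n")
    for line in lines[1:]:          # lines[0] is the request line
        if line == "":              # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "content-type":
            return value.strip()
    return None


def classify_content_type(value: str) -> Tuple[str, List[str]]:
    """
    Classify one Content-Type value. Returns (verdict, markers) where verdict is
      'ognl'      - OGNL markers present (high-confidence CVE-2017-5638 probe/attack)
      'malformed' - not a syntactically valid media type, but no OGNL markers
      'ok'        - well-formed media type
    """
    markers = [m for m in OGNL_MARKERS if m in value]
    if markers:
        return "ognl", markers
    if not _MEDIA_TYPE_RE.match(value):
        return "malformed", []
    return "ok", []


def scan_requests(raw_requests: List[str]) -> List[Tuple[int, str, List[str]]]:
    """Scan request heads; return (index, verdict, markers) for every non-'ok' Content-Type."""
    findings = []
    for i, req in enumerate(raw_requests):
        ct = parse_content_type(req)
        if ct is None:
            continue
        verdict, markers = classify_content_type(ct)
        if verdict != "ok":
            findings.append((i, verdict, markers))
    return findings


def response_shows_ognl_eval(response_headers) -> bool:
    """True if the probe's side effect (X-Vuln: Vulnerable) is present; header names are case-insensitive."""
    lowered = {k.lower(): v for k, v in response_headers.items()}
    return lowered.get("x-vuln", "").strip() == "Vulnerable"


# Constructed sample request heads (not real traffic).
SAMPLE_REQUESTS = [
    # 0: ordinary browser file upload
    "POST /upload.action HTTP/1.1\r\nHost: app.example\r\n"
    "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW\r\n\r\n",
    # 1: CVE-2017-5638-style probe: OGNL where a media type belongs (constructed shape only)
    "POST /upload.action HTTP/1.1\r\nHost: app.example\r\n"
    "Content-Type: %{(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)"
    ".(@org.apache.struts2.ServletActionContext@getResponse().addHeader('X-Vuln','Vulnerable'))}\r\n\r\n",
    # 2: JSON API call
    "POST /api/login HTTP/1.1\r\nHost: app.example\r\nContent-Type: application/json; charset=utf-8\r\n\r\n",
    # 3: malformed but not OGNL (missing ';' before the parameter)
    "POST /upload.action HTTP/1.1\r\nHost: app.example\r\nContent-Type: multipart/form-data boundary=abc\r\n\r\n",
    # 4: no Content-Type at all
    "GET /index.action HTTP/1.1\r\nHost: app.example\r\n\r\n",
]

if __name__ == "__main__":
    for idx, verdict, markers in scan_requests(SAMPLE_REQUESTS):
        print(f"request #{idx}: {verdict} {markers}")
```

Common access-log formats do not record `Content-Type`, so feed this request heads from a reverse proxy or WAF log that captures headers, or from a packet capture. Treat `ognl` as a firing alert and `malformed` as a low-confidence signal worth correlating with the source IP, since odd but benign clients exist. When you use the `X-Vuln` check on a real response, read the headers case-insensitively as the helper does; a plain `dict` lookup on `"X-Vuln"` misses servers that lowercase header names.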
---
## ▶️ Usage
```bash
# Install required package
pip install requests
# Run the script
python3 struts2_poc.py
# Enter a target URL when prompted, for example:
#   http://example.com/
```