CVE-2017-5638 PoC — Apache Struts 2 输入验证错误漏洞

Source

https://github.com/random-robbie/CVE-2017-5638

Associated Vulnerability

Title:Apache Struts 2 输入验证错误漏洞 (CVE-2017-5638)
Description:The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

Description

CVE: 2017-5638 in different formats

Readme

# CVE-2017-5638
CVE: 2017-5638 in different formats

Most of them will require you to enter the url and you might want to change the command

Please issue pull requests if you can make it so you can enter a url and command!


PHP - Example http://localhost/2017-5638.php?url=TARGET&cmd=command

XMLHttpRequest - CVE-2017-5638.js -- will require Access-Control-Allow-Origin on target server to be set and allow host page.

All others will need further testing.

File Snapshot


 [4.0K]  /data/pocs/d4732bd4b4e6bca90e51ac01d474ccaf6d1db0b9
├── [2.4K]  2017-5638.php
├── [1.2K]  2017-5638.ps1
├── [1.2K]  CVE-2017-5638-CVE-2017-5638.js
├── [1.5K]  CVE-2017-5638-jquery.js
├── [1.3K]  CVE-2017-5638.pl
├── [1.4K]  CVE-2017-5638.rb
├── [ 34K]  LICENSE
├── [ 460]  README.md
└── [2.2K]  struts2_S2-045.py

0 directories, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!