Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-53677 PoC — Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks

Source
https://github.com/0xdeviner/CVE-2024-53677
Associated Vulnerability
Title:Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks (CVE-2024-53677)
Description:File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe. You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067
Readme
# CVE-2024-53677 - Apache Struts 2 Root Cause Analysis Lab Environment

This repository provides a Docker-based environment to reproduce the CVE-2024-53677 vulnerability in Apache Struts 2. This vulnerability involves path traversal through the file upload functionality in Struts 2.

## Source

This lab environment is based on my blog post - [CVE-2024-53677 - Apache Struts File Upload Vulnerability leading to RCE](https://blogs.hiteshpatra.in/cve-2024-53677-apache-struts-file-upload-vulnerability-leading-to-rce)


## Setup Instructions

The environment can be built and run using Docker. Follow these steps to set up the application:

```sh
git clone https://github.com/0xdeviner/CVE-2024-53677.git
cd CVE-2024-53677 
docker build -t apache-struts2-cve-2024-53677 .
docker run -p 8080:8080 -itd --name apache-struts2 apache-struts2-cve-2024-53677
curl http://IP:8080/upload
```
File Snapshot

 [4.0K]  /data/pocs/e4a072471ed564311164b358f06b99bb58f8801d
├── [1.3K]  context.xml
├── [ 583]  Dockerfile
├── [ 884]  README.md
├── [4.0K]  struts-app
│   ├── [8.9K]  mvnw
│   ├── [5.7K]  mvnw.cmd
│   ├── [3.7K]  pom.xml
│   └── [4.0K]  src
│       └── [4.0K]  main
│           ├── [4.0K]  java
│           │   └── [4.0K]  com
│           │       └── [4.0K]  example
│           │           └── [1.3K]  UploadAction.java
│           ├── [4.0K]  resources
│           │   └── [ 847]  struts.xml
│           └── [4.0K]  webapp
│               ├── [ 355]  index.jsp
│               ├── [ 228]  upload.jsp
│               └── [4.0K]  WEB-INF
│                   └── [ 730]  web.xml
└── [ 223]  tomcat-users.xml

9 directories, 12 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →