CVE-2017-5638 PoC — Apache Struts 2 输入验证错误漏洞

Source

https://github.com/mritunjay-k/CVE-2017-5638

Associated Vulnerability

Title:Apache Struts 2 输入验证错误漏洞 (CVE-2017-5638)
Description:The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

Description

An exploit for CVE-2017-5638

Readme

# CVE-2017-5638

The Apache Struts 2 versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 have a flaw in their Jakarta Multipart parser. This flaw causes incorrect handling of exceptions and generation of error messages when attempting to upload files. As a result, attackers can remotely execute arbitrary commands by exploiting a crafted HTTP header such as Content-Type, Content-Disposition, or Content-Length.


# Execution
```python exploit.py -r <rhost-url> -c <desired-command>```

<img src="https://i.ibb.co/G3dnwn6/poc.png" alt="poc" border="0">

# Reference
[NIST NVD](https://nvd.nist.gov/vuln/detail/cve-2017-5638)
[MITRE Corporation](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638)

File Snapshot


 [4.0K]  /data/pocs/f66ccbdac53b7e92d2cf59a1c8a7a7849ef9d3f8
├── [1.7K]  exploit.py
└── [ 710]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!