Light

rjackson64840 / struts2-rce Goto Github PK

View Code? Open in Web Editor NEW

This project forked from iletee/struts2-rce

0.0 1.0 0.0 17.45 MB

Exploitable target to CVE-2017-5638

License: Apache License 2.0

Python 7.73% Java 91.02% CSS 0.34% Dockerfile 0.91%

struts2-rce's Introduction

Exploit Demo for CVE-2017-5638

Completely based on https://github.com/piesecurity/apache-struts2-CVE-2017-5638

Usage:

Pre-requisites: have python, docker, maven and a jdk installed

clone this repo
run mvn clean package in project root
run docker build -t hack .
run docker run -d -p 8080:8080 hack
once container comes online - verify by running in browser

To begin testing RCE - run the exploit.py file.

python exploit.py http://myserver:8080/orders/3 "CMD"

Try with different CMDs like

pwd - where are we?
whomai - what user are we running this?
ls -la - what's in my directory?
ls / - what's my machine
ls /etc - what else we can find?

README.txt - Rest Showcase Webapp

Rest Showcase is a simple example of REST app build with the REST plugin.

For more on getting started with Struts, see

http://cwiki.apache.org/WW/home.html

I18N:

Please note that this project was created with the assumption that it will be run in an environment where the default locale is set to English. This means that the default messages defined in package.properties are in English. If the default locale for your server is different, then rename package.properties to package_en.properties and create a new package.properties with proper values for your default locale.

rj was here

struts2-rce's People

Contributors

Watchers

struts2-rce's Issues

[DepShield] Usage of org.apache.struts:struts2-core:2.5.10 results in vulnerability to [CVE-2017-9787] Improper Access Control

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of org.apache.struts:struts2-core:2.5.10 causes a vulnerability to [CVE-2017-9787] Improper Access Control with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2017-9787] Improper Access Control.

[DepShield] Usage of commons-collections:commons-collections:3.2.1 results in vulnerability to [CVE-2015-6420] Serialized-object interfaces in certain Cisco Collaboration and Social Media; En...

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of commons-collections:commons-collections:3.2.1 causes a vulnerability to [CVE-2015-6420] Serialized-object interfaces in certain Cisco Collaboration and Social Media; En... with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2015-6420] Serialized-object interfaces in certain Cisco Collaboration and Social Media; En....

[DepShield] Usage of com.thoughtworks.xstream:xstream:1.4.8 results in vulnerability to [CVE-2016-3674] Information Exposure

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of com.thoughtworks.xstream:xstream:1.4.8 causes a vulnerability to [CVE-2016-3674] Information Exposure with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2016-3674] Information Exposure.

[DepShield] Usage of com.fasterxml.jackson.core:jackson-databind:2.6.1 results in vulnerability to [CVE-2017-17485] Improper Control of Generation of Code ("Code Injection")

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of com.fasterxml.jackson.core:jackson-databind:2.6.1 causes a vulnerability to [CVE-2017-17485] Improper Control of Generation of Code ("Code Injection") with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2017-17485] Improper Control of Generation of Code ("Code Injection").

[DepShield] Usage of org.apache.struts:struts2-core:2.5.10 results in vulnerability to [CVE-2017-9804] In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application ...

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of org.apache.struts:struts2-core:2.5.10 causes a vulnerability to [CVE-2017-9804] In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application ... with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2017-9804] In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application ....

[DepShield] Usage of com.thoughtworks.xstream:xstream:1.4.8 results in vulnerability to [CVE-2017-7957] Improper Input Validation

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of com.thoughtworks.xstream:xstream:1.4.8 causes a vulnerability to [CVE-2017-7957] Improper Input Validation with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2017-7957] Improper Input Validation.

[DepShield] Usage of commons-fileupload:commons-fileupload:1.3.2 results in vulnerability to [CVE-2016-1000031] Improper Access Control

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of commons-fileupload:commons-fileupload:1.3.2 causes a vulnerability to [CVE-2016-1000031] Improper Access Control with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2016-1000031] Improper Access Control.

[DepShield] Usage of com.fasterxml.jackson.core:jackson-databind:2.6.1 results in vulnerability to [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of com.fasterxml.jackson.core:jackson-databind:2.6.1 causes a vulnerability to [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data with a CVSS score of 8.1. Details about the vulnerability are available on the OSS Index page for [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data.

[DepShield] Usage of com.fasterxml.jackson.core:jackson-databind:2.6.1 results in vulnerability to [CVE-2017-15095] Deserialization of Untrusted Data

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of com.fasterxml.jackson.core:jackson-databind:2.6.1 causes a vulnerability to [CVE-2017-15095] Deserialization of Untrusted Data with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2017-15095] Deserialization of Untrusted Data.

[DepShield] Usage of com.fasterxml.jackson.core:jackson-databind:2.6.1 results in vulnerability to [CVE-2017-7525] Deserialization of Untrusted Data

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of com.fasterxml.jackson.core:jackson-databind:2.6.1 causes a vulnerability to [CVE-2017-7525] Deserialization of Untrusted Data with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2017-7525] Deserialization of Untrusted Data.

[DepShield] Usage of org.apache.struts:struts2-core:2.5.10 results in vulnerability to [CVE-2017-5638] Improper Input Validation

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of org.apache.struts:struts2-core:2.5.10 causes a vulnerability to [CVE-2017-5638] Improper Input Validation with a CVSS score of 10.0. Details about the vulnerability are available on the OSS Index page for [CVE-2017-5638] Improper Input Validation.

[DepShield] Usage of commons-collections:commons-collections:3.2.1 results in vulnerability to [CVE-2017-15708] In Apache Synapse, by default no authentication is required for Java Remote Meth...

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of commons-collections:commons-collections:3.2.1 causes a vulnerability to [CVE-2017-15708] In Apache Synapse, by default no authentication is required for Java Remote Meth... with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2017-15708] In Apache Synapse, by default no authentication is required for Java Remote Meth....

[DepShield] Usage of org.apache.logging.log4j:log4j-core:2.7 results in vulnerability to [CVE-2017-5645] Deserialization of Untrusted Data

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of org.apache.logging.log4j:log4j-core:2.7 causes a vulnerability to [CVE-2017-5645] Deserialization of Untrusted Data with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2017-5645] Deserialization of Untrusted Data.

[DepShield] Usage of com.fasterxml.jackson.core:jackson-databind:2.6.1 results in vulnerability to [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of com.fasterxml.jackson.core:jackson-databind:2.6.1 causes a vulnerability to [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data.

[DepShield] Usage of org.apache.struts:struts2-core:2.5.10 results in vulnerability to [CVE-2017-12611] In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintenti...

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of org.apache.struts:struts2-core:2.5.10 causes a vulnerability to [CVE-2017-12611] In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintenti... with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2017-12611] In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintenti....

[DepShield] Usage of org.apache.struts:struts2-core:2.5.10 results in vulnerability to [CVE-2017-9793] The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is ...

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

This application's usage of org.apache.struts:struts2-core:2.5.10 causes a vulnerability to [CVE-2017-9793] The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is ... with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2017-9793] The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is ....

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.