Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jiguangsdf/cve-2018-11776
CVE-2018-11776(S2-057) EXPLOIT CODE
https://github.com/jiguangsdf/cve-2018-11776
cve cve-2018-11776 python3 struts2
Last synced: 5 days ago
JSON representation
CVE-2018-11776(S2-057) EXPLOIT CODE
- Host: GitHub
- URL: https://github.com/jiguangsdf/cve-2018-11776
- Owner: jiguangsdf
- Created: 2018-08-24T03:01:29.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2024-05-09T13:33:06.000Z (6 months ago)
- Last Synced: 2024-05-09T15:01:41.961Z (6 months ago)
- Topics: cve, cve-2018-11776, python3, struts2
- Language: Python
- Homepage: https://cwiki.apache.org/confluence/display/WW/S2-057
- Size: 383 KB
- Stars: 10
- Watchers: 2
- Forks: 5
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# CVE-2018-11776
2018年8月23日,Apache Strust2发布最新安全公告,Apache Struts2 存在远程代码执行的高危漏洞,该漏洞由Semmle Security Research team的安全研究员汇报,漏洞编号为CVE-2018-11776(S2-057)。Struts2在XML配置中如果namespace值未设置且(Action Configuration)中未设置或用通配符namespace时可能会导致远程代码执行。
**影响版本**
Struts 2.3 to 2.3.34
Struts 2.5 to 2.5.16
**修复版本**
Struts 2.3.35
Struts 2.5.17
**使用方法**
python3 s2-057.py {url} eg: python3 s2-057.py http://example.com
**漏洞验证**
使用seebug.org在线检测平台检测出某站存在struts s2-057漏洞
使用s2-057.py 检测出某站存在struts s2-057漏洞
