Lucene search

KitPloitKITPLOIT:1841841790447853746

HistoryMar 14, 2017 - 1:34 p.m.

struts-pwn - An exploit for Apache Struts CVE-2017-5638

2017-03-1413:34:00

www.kitploit.com

762

10 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

** An exploit for Apache Struts CVE-2017-5638**

**** Usage** **

Testing a single URL.

python struts-pwn.py --url 'http://example.com/struts2-showcase/index.action' -c 'id'

Testing a list of URLs.

python struts-pwn.py --list 'urls.txt' -c 'id'

Checking if the vulnerability exists against a single URL.

python struts-pwn.py --check --url 'http://example.com/struts2-showcase/index.action'

Checking if the vulnerability exists against a list of URLs.

python struts-pwn.py --check --list 'urls.txt'

**** Requirements** **

Python2 or Python3
requests

**** Legal Disclaimer** **
This project is made for educational and ethical testing purposes only. Usage of struts-pwn for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

**** Author** **
_ Mazin Ahmed _

Website: https://mazinahmed.net
Email: _ mazin AT mazinahmed DOT net _
Twitter: https://twitter.com/mazen160
Linkedin: http://linkedin.com/in/infosecmazinahmed

Download struts-pwn

References

github.com/mazen160/struts-pwn

checkpoint_advisories

Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638)

2017-03-07 00:00:00

Apache Struts 2 Content-Disposition Remote Code Execution (CVE-2017-5638)

2017-08-09 00:00:00

prion

Design/Logic Flaw

2017-03-11 02:59:00

attackerkb

CVE-2017-5638

2017-03-11 00:00:00

CVE-2019-0230

2020-09-14 00:00:00

saint

Apache Struts 2 Jakarta Multipart Parser file upload command execution

2017-03-16 00:00:00

Apache Struts 2 Jakarta Multipart Parser file upload command execution

2017-03-16 00:00:00

Apache Struts 2 Jakarta Multipart Parser file upload command execution

2017-03-16 00:00:00

lenovo

Apache Struts Open Source Framework Remote Code Execution - Lenovo Support US

2017-06-09 00:00:00

Apache Struts Open Source Framework Remote Code Execution - us

2017-06-09 00:00:00

impervablog

Two New Trends Make Early Breach Detection and Prevention a Security Imperative

2022-08-31 13:47:34

Keeping Your WAF Relevant: Emergency Feed Pushes New Mitigations in Just Hours

2018-04-26 19:01:59

Clustering App Attacks with Machine Learning Part 3: Algorithm Results

2018-06-19 22:41:03

threatpost

Apache Attack Traffic Dropping, Limited to Few Sources

2017-03-10 10:51:01

Equifax Says 145.5M Affected by Breach, Ex-CEO Testifies

2017-10-03 15:27:08

Equifax to Pay $700 Million in 2017 Data Breach Settlement

2019-07-22 14:31:39

vmware

VMware product updates resolve remote code execution vulnerability via Apache Struts 2

2017-03-13 00:00:00

VMware product updates resolve remote code execution vulnerability via Apache Struts 2

2017-03-13 00:00:00

myhack58

How fast the use of s02-45 vulnerability to gain server access-vulnerability warning-the black bar safety net

2017-03-08 00:00:00

Apache Struts2 high-risk vulnerabilities cause the Enterprise Server is the invasion mounted KoiMiner mining Trojan-vulnerability warning-the black bar safety net

2018-07-10 00:00:00

Apache Struts2 exposure arbitrary code execution vulnerability (S2-045,CVE-2017-5638)-vulnerability warning-the black bar safety net

2017-03-07 00:00:00

trendmicroblog

Sound, Fury, And Nothing One Year After Equifax

2018-09-07 12:00:34

Linux is secure…right?

2017-06-15 19:00:13

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 11, 2017

2017-09-15 14:59:53

qualysblog

Cryptomining is all the rage among hackers, as DDoS amplification attacks continue

2018-03-09 21:45:09

How To Prioritize Vulnerabilities in a Modern IT Environment

2018-05-07 16:00:10

The Sky Is Falling! Responding Rationally to Headline Vulnerabilities

2018-04-19 23:00:03

atlassian

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:57:51

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:31:09

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:57:51

redhatcve

CVE-2017-5638

2017-03-08 11:53:37

osv

Apache Struts vulnerable to remote arbitrary command execution due to improper input validation

2018-10-18 19:24:26

CVE-2017-5638

2017-03-11 02:59:00

kitploit

strutszeiro - Telegram Bot to manage botnets created with struts vulnerability (CVE-2017-5638)

2017-03-14 17:30:00

Struts2Shell - Interactive Shell Command to Exploit Apache Struts CVE-2017-5638

2017-03-17 14:22:00

Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts

2018-08-26 21:14:00

openvas

Apache Struts Security Update (S2-045) - Active Check

2017-03-08 00:00:00

Cisco Unified Communications Manager IM and Presence Service Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability

2017-03-14 00:00:00

Atlassian Bamboo Struts2 RCE Vulnerability

2017-03-15 00:00:00

ubuntucve

CVE-2017-5638

2017-03-11 00:00:00

rapid7community

Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic

2017-03-15 14:29:55

malwarebytes

Equifax breach: What you need to know [updated]

2017-09-08 07:02:47

packetstorm

Apache Struts 2 2.3.x / 2.5.x Remote Code Execution

2017-03-10 00:00:00

Apache Struts Jakarta Multipart Parser OGNL Injection

2017-03-14 00:00:00

ibm

Security Bulletin: Apache Struts v2 Jakarta Multipart parser code execution affects IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation (CVE-2017-5638)

2018-06-18 01:35:33

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840

2018-06-18 00:32:46

Security Bulletin: IBM Sterling Order Management is affected by a vulnerability (CVE-2017-5638)

2018-06-16 20:09:19

hackerone

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

2017-03-09 17:59:08

U.S. Dept Of Defense: Remote code execution vulnerability on a DoD website

2017-03-13 04:14:12

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

2017-03-13 13:22:29

nessus

Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (remote)

2017-03-08 00:00:00

Apache Struts 2 RCE (CVE-2017-5638) (deprecated)

2017-04-12 00:00:00

Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (S2-045) (S2-046)

2017-03-07 00:00:00

canvas

Immunity Canvas: STRUTS_OGNL

2017-03-11 02:59:00

securelist

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

2023-12-14 13:00:40

seebug

S2-046: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638）

2017-03-21 00:00:00

S2-045: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638）

2017-03-06 00:00:00

cisa_kev

Apache Struts Remote Code Execution Vulnerability

2021-11-03 00:00:00

cisco

Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products

2017-03-10 19:30:00

thn

New Apache Struts Zero-Day Vulnerability Being Exploited in the Wild

2017-03-09 01:03:00

UK Regulator Fines Equifax £500,000 Over 2017 Data Breach

2018-09-20 13:54:00

Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach

2017-10-02 21:23:00

krebs

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

2017-09-14 18:03:12

K43451236 : Apache Struts 2 vulnerability CVE-2017-5638

2017-03-09 00:00:00

zdt

Apache Struts Jakarta Multipart Parser OGNL Injection Exploit

2017-03-15 00:00:00

Apache Struts 2 2.3.x / 2.5.x Remote Code Execution Exploit

2017-03-12 00:00:00

cvelist

CVE-2017-5638

2017-03-11 02:11:00

veracode

Remote Code Execution (RCE) Through Jakarta Multipart Parser

2017-03-09 12:39:55

cert

Apache Struts 2 is vulnerable to remote code execution

2017-03-14 00:00:00

github

Apache Struts vulnerable to remote arbitrary command execution due to improper input validation

2018-10-18 19:24:26

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects

2023-09-21 20:56:46

Bypassing OGNL sandboxes for fun and charities

2023-01-27 16:00:49

huawei

Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products

2017-03-16 00:00:00

nuclei

Apache Struts 2 - Remote Command Execution

2020-08-19 13:13:31

cve

CVE-2017-5638

2017-03-11 02:59:00

cloudfoundry

CVE-2017-5638: Apache Struts Remote Code Execution | Cloud Foundry

2017-03-14 00:00:00

pentestit

UPDATE: Infection Monkey 1.6.1

2018-12-03 22:28:53

JexBoss: Java Deserialization Verification & EXploitation Tool!

2017-08-11 06:52:45

talosblog

Another Apache Struts Vulnerability Under Active Exploitation

2017-09-07 15:42:00

2017 in Snort Signatures.

2018-01-29 11:37:00

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

2019-09-17 08:09:45

nmap

http-vuln-cve2017-5638 NSE Script

2017-03-10 17:53:45

ics

Top 10 Routinely Exploited Vulnerabilities

2020-05-12 12:00:00

oracle

Oracle Critical Patch Update Advisory - April 2017

2017-04-18 00:00:00

Oracle Critical Patch Update Advisory - July 2017

2018-03-20 00:00:00

10 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

struts-pwn - An exploit for Apache Struts CVE-2017-5638

References

Related