Struts2 remote code execution vulnerability: detection principle and code-level implementation

ID MYHACK58:62201235200
Type myhack58
Reporter Anonymous
Modified 2012-10-17T00:00:00


Laboratory member evan-css analyzes the Struts2 vulnerability that has drawn so much attention recently.

Everyone should have heard of the recent Struts2 vulnerability. If you haven't, it doesn't matter; it can be summed up in one sentence: the vulnerability is widespread and the consequences are serious. JavaEE applications generally favor the SSH stack (Spring + Struts + Hibernate), and the vulnerable Struts versions (<= 2.2) are in heavy use, so the impact is easy to imagine.

All major Java middleware servers may be affected by the vulnerability. With Tomcat the problem is particularly serious, not because Tomcat has more Struts vulnerabilities, but mainly because people are accustomed to starting Tomcat with startup.bat or startup.sh from an administrator's desktop or a root terminal. The consequence is that the Tomcat process has very high privileges, high enough to let an attacker do anything on your server. In my penetration testing work I have even met Tomcat started by a domain administrator.

This article only describes the detection principle and implementation for the Struts2 vulnerability. For more information about the vulnerability you can Google it; if you are interested you can also leave a message or contact @evan-css on Twitter. In subsequent articles I will discuss the vulnerability with everyone in more depth, including how to fix it.

Enough talk; straight to the code. The explanation is in the code comments. This code passed testing under Python 2.7 on Windows.

Usage: python

Source code:

# Python 2.7 standard-library modules (httplib and urlparse were renamed in Python 3)
import os, sys
import httplib
import string
import time
import urlparse

def SendHTTPRequest(strMethod, strScheme, strHost, strURL, strParam):
    # Request headers imitating an IE6 browser; Referer and Host are built
    # from the target's scheme and host name.
    headers = {
        "Accept": "image/gif, */*",
        "Referer": strScheme + "://" + strHost,
        "Accept-Language": "zh-cn",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept-Encoding": "gzip, deflate",
        "User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
        "Host": strHost,
        "Connection": "Keep-Alive",
        "Cache-Control": "no-cache"
    }
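The point made earlier about Tomcat being started from a root terminal can be checked on a Linux host by looking at who owns the Tomcat JVM. The following is an added example in Python 3, not part of the original article's code; the function names and the sample `ps` output are constructed for illustration, and it assumes Tomcat was launched through the standard scripts (main class `org.apache.catalina.startup.Bootstrap`).

```python
import re
import subprocess

# Main class started by Tomcat's startup.sh / catalina.sh launcher.
TOMCAT_MAIN = "org.apache.catalina.startup.Bootstrap"
CATALINA_BASE = re.compile(r"-Dcatalina\.base=(\S+)")

# Constructed sample of `ps -eo uid,pid,args` output (not from the article).
SAMPLE_PS = """\
  UID   PID COMMAND
    0  1432 /usr/bin/java -Dcatalina.base=/opt/tomcat7 -Dcatalina.home=/opt/tomcat7 org.apache.catalina.startup.Bootstrap start
  998  2210 /usr/bin/java -Dcatalina.base=/srv/tomcat-app -Dcatalina.home=/opt/tomcat7 org.apache.catalina.startup.Bootstrap start
    0   871 /usr/sbin/sshd -D
 1000  3050 grep org.apache.catalina.startup.Bootstrap
"""

def find_tomcat_processes(ps_output):
    """Return one dict per Tomcat JVM found in `ps -eo uid,pid,args` output."""
    found = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or not (parts[0].isdigit() and parts[1].isdigit()):
            continue  # header or malformed line
        uid, pid, args = int(parts[0]), int(parts[1]), parts[2]
        argv = args.split()
        # Require a java executable so that `grep ...Bootstrap` is not matched.
        if TOMCAT_MAIN not in argv or not argv[0].endswith("java"):
            continue
        base = CATALINA_BASE.search(args)
        found.append({"uid": uid, "pid": pid,
                      "catalina_base": base.group(1) if base else None,
                      "runs_as_root": uid == 0})
    return found

def root_tomcats(ps_output):
    """Only the Tomcat instances whose process owner is uid 0."""
    return [p for p in find_tomcat_processes(ps_output) if p["runs_as_root"]]

if __name__ == "__main__":
    try:
        text = subprocess.check_output(["ps", "-eo", "uid,pid,args"], text=True)
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE_PS  # fall back to the constructed sample
    for proc in find_tomcat_processes(text):
        state = "ROOT" if proc["runs_as_root"] else "ok"
        print("%-4s pid=%d uid=%d base=%s"
              % (state, proc["pid"], proc["uid"], proc["catalina_base"]))
```

Any instance reported as ROOT should be moved to a dedicated unprivileged service account, so that a compromise of the web application does not hand over the whole server.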
