Skip to content

chrisjd20/cve-2017-9805.py

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
LICENSE
 
 
README.md
 
 
cve-2017-9805.py
 
 
CVE-2017-9805.py Why Recode? What's different?

README.md

CVE-2017-9805.py

  1. Better Exploit Code For CVE 2017 9805 apache struts
  2. Should be mostly error proof

Why Recode?

Found that most of the exploit code online simply used string concatenation to insert user supplied commands and insert into an XML string. This isnt very reliable as XML requires certain special characters use encoding. As such, it will trip an error cause those scripts dont account for this. Additionally, properly encoded xml may cause errors in getting proper command execution. This script solves those issues.

What's different?

  1. I added in proper argument parsing
  2. Regex checking of proper argument formatting.
  3. xml as an object instead of just a string
  4. Encoding of commands to prevent errors with special characters in user supplied payload.

About

Better Exploit Code For CVE 2017 9805 apache struts

Resources

Readme

License

MIT license

Stars

22 stars

Watchers

2 watching

Forks

8 forks

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages