- Better Exploit Code For CVE 2017 9805 apache struts
- Should be mostly error proof
Found that most of the exploit code online simply used string concatenation to insert user supplied commands and insert into an XML string. This isnt very reliable as XML requires certain special characters use encoding. As such, it will trip an error cause those scripts dont account for this. Additionally, properly encoded xml may cause errors in getting proper command execution. This script solves those issues.
- I added in proper argument parsing
- Regex checking of proper argument formatting.
- xml as an object instead of just a string
- Encoding of commands to prevent errors with special characters in user supplied payload.