Skip to content
/ cve-2017-5638 Public

Example PoC Code for CVE-2017-5638 | Apache Struts Exploit

17 stars 25 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

xsscx/cve-2017-5638

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

README.md

README.md

 
 

curl-poc-for-cve-2017-5638.txt

curl-poc-for-cve-2017-5638.txt

 
 

cve-2017-5638.py

cve-2017-5638.py

 
 

example-exploit-catalina-dump-file-example-public-domain-logfile.txt

example-exploit-catalina-dump-file-example-public-domain-logfile.txt

 
 

one-line-poc.py

one-line-poc.py

 
 

sample-output.txt

sample-output.txt

 
 

Repository files navigation

CVE-2017-5638 PoC Code in Python | DORK: ext:action

Example PoC Code for CVE-2017-5638 | Apache Struts Exploit | DORK: ext:action

USAGE: python struts.py https://victim.site dir

The initial Python Script that was Posted didn't correctly format the Content-Type Header. I recoded the Content Type Header to properly format Content-Type:%20{Exploit}. I also added a logging and Requests, then dumped the Object Properties to stdout.

SAMPLE OUTPUT

Check for CVE-2017-5638 by XSS.Cx

Volume in drive D has no label. Volume Serial Number is 2A7B-A245 Directory of d:\Program Files\Apache Software Foundation\Tomcat 9.0

About

Example PoC Code for CVE-2017-5638 | Apache Struts Exploit

Topics

python exploit code apache poc content-type struts2 cve-2017-5638

Resources

Readme
Activity

Stars

17 stars

Watchers

1 watching

Forks

25 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages