Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-50164 PoC — Apache Struts 安全漏洞

Source
https://github.com/NikitaPark/CVE-2023-50164-PoC
Associated Vulnerability
Title:Apache Struts 安全漏洞 (CVE-2023-50164)
Description:Apache Struts是美国阿帕奇(Apache)基金会的一个开源项目,是一套用于创建企业级Java Web应用的开源MVC框架,主要提供两个版本框架产品,Struts 1和Struts 2。 Apache Struts 存在安全漏洞,该漏洞源于file upload参数存在路径遍历漏洞。攻击者可利用该漏洞上传恶意文件并执行远程代码。受影响的产品和版本:Apache Struts 2.0.0至2.5.32版本,6.0.0至6.3.0.1版本。
Description
CVE-2023-50164 PoC Application & Exploit script
Readme
# CVE-2023-50164 PoC

This repository is a proof of concept (PoC) of the CVE-2023-50164 vulnerability.

## 1. About CVE-2023-50164

**CVE-2023-50164** is a file path traversal vulnerability that occurs in Apache Struts web application.   
An attacker could exploit this vulnerability to upload malicious file (WebShell or other Malware) to arbitrary location and make secondary attacks such as remote code execution. 

## 2. Building the Vulnerable Environment

The vulnerable web application, StrutsUploadApp, is containerized using Docker. Follow these steps to build and deploy the environment.

Use the provided `Dockerfile` to build the Docker image for `StrutsUploadApp`.

```bash
docker build -t struts-upload-app .
docker run -d -p 8080:8080 --name StrutsUploadApp struts-upload-app 
```

## 3. Exploit
Run the exploit script to trigger the vulnerability.

```bash
python exploit.py --url=http://localhost:8080/StrutsUploadApp/upload.action /
    --file=webshell.jsp /
    --file-parameter=upload /
    --attemps=5
```
File Snapshot

 [4.0K]  /data/pocs/283274645f13cdfb28f914c299cc4570f5778016
├── [  34]  docker-compose.yml
├── [ 268]  Dockerfile
├── [3.9K]  exploit.py
├── [1.0K]  README.md
└── [4.0K]  StrutsUploadApp
    ├── [ 10K]  mvnw
    ├── [6.6K]  mvnw.cmd
    ├── [1.9K]  pom.xml
    └── [4.0K]  src
        └── [4.0K]  main
            ├── [4.0K]  java
            │   └── [4.0K]  com
            │       └── [4.0K]  nikitapark
            │           └── [4.0K]  app
            │               └── [1.7K]  UploadAction.java
            ├── [4.0K]  resources
            │   └── [ 776]  struts.xml
            └── [4.0K]  webapp
                ├── [ 270]  index.jsp
                └── [4.0K]  WEB-INF
                    ├── [ 683]  error.jsp
                    ├── [1.0K]  input.jsp
                    ├── [ 896]  success.jsp
                    └── [ 603]  web.xml

10 directories, 14 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.