漏洞平台

POC详情： eb2c79b93edcaf784daea11f675c16900e35d1a6

来源

https://github.com/timothyjxhn/DeliberatelyVulnerableWebApp

关联漏洞

标题： Apache Struts 2 输入验证错误漏洞 (CVE-2017-5638)
描述：Apache Struts是美国阿帕奇（Apache）软件基金会的一个开源项目，是一套用于创建企业级Java Web应用的开源MVC框架，主要提供两个版本框架产品，Struts 1和Struts 2。 Apache Struts 2 2.3.32之前的2 2.3.x版本和2.5.10.1之前的2.5.x版本中的Jakarta Multipart解析器存在安全漏洞，该漏洞源于程序没有正确处理文件上传。远程攻击者可借助带有＃cmd=字符串的特制Content-Type HTTP头利用该漏洞执行任意命令。

描述

A Deliberately Vulnerable Web Application built on Struts 2 (CVE-2017-5638) and Log4J (CVE-2021-44228) for testing and demonstration of OWASP Top 10 Web Application Security Risks: A06:2021-Vulnerable and Outdated Components.

介绍

# Deliberately Vulnerable Web Application (Struts 2)

This project is a Java web application using the Struts 2 framework. It is built with Maven and can be run using the Jetty server.

## Prerequisites

- Java Development Kit (JDK) 8 or higher
- Apache Maven 3.6.0 or higher

## Getting Started

### Build the project

```sh
mvn clean install
```

### Run the project with Jetty

```sh
mvn jetty:run
```

### Access the application

Open your web browser and navigate to `http://localhost:8080/dvwa`.

## Project Structure

- `src/main/java`: Contains the Java source code.
- `src/main/resources`: Contains the configuration files.
- `src/main/webapp`: Contains the web application files (JSP, HTML, CSS, JS).

## Configuration

### Struts Configuration

The Struts configuration is located in `src/main/resources/struts.xml`.

### Maven Configuration

The Maven configuration is located in `pom.xml`.

## License

This project is licensed under the MIT License - see the `LICENSE` file for details.

文件快照


 [4.0K]  /data/pocs/eb2c79b93edcaf784daea11f675c16900e35d1a6
├── [3.1K]  pom.xml
├── [1001]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   └── [4.0K]  org
        │       └── [4.0K]  dvwa
        │           ├── [4.0K]  actions
        │           │   ├── [2.9K]  CreatePostAction.java
        │           │   ├── [1.7K]  DeletePostAction.java
        │           │   ├── [1.8K]  DownloadFileAction.java
        │           │   ├── [ 198]  Globals.java
        │           │   └── [1.9K]  IndexAction.java
        │           └── [4.0K]  models
        │               └── [2.5K]  BlogPost.java
        ├── [4.0K]  resources
        │   ├── [ 483]  log4j2.xml
        │   └── [2.2K]  struts.xml
        └── [4.0K]  webapp
            ├── [ 409]  error.jsp
            ├── [5.0K]  index.jsp
            ├── [1.5K]  newpost.jsp
            ├── [4.0K]  styles
            │   └── [ 361]  index.css
            ├── [4.0K]  WEB-INF
            │   ├── [4.0K]  decorators
            │   │   └── [2.8K]  layout.jsp
            │   ├── [ 154]  decorators.xml
            │   └── [1.1K]  web.xml
            └── [ 407]  welcome.jsp

12 directories, 18 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。