struts-rest-showcase

Vulnerable Struts Rest API

Primary language: Java. License: Apache License 2.0 (Apache-2.0).

Setup for IntelliJ

  • Download IntelliJ community
  • Import from VCS
  • File > Project Structure > Project SDK > JDK 1.8
    • Install JDK 8 if it is not already installed
  • View > Maven > Toggle 'Skip Tests' Mode & Run Maven Build

Dockerfile Run & exploit

git clone https://github.com/samqbush/struts-rest-showcase.git && cd ./struts-rest-showcase
docker build -t struts2-rest-showcase:latest ./
docker run --name struts2-rest-showcase -d -p 8361:8080 struts2-rest-showcase:latest

Access to the WebUI

Exploit from outside the container on linux

apt update && apt install -y python3-pip
cd "./Exploit CVE-2017-9805"
python3 restshowcasedetect.py http://localhost:8361/struts2-rest-showcase/orders/3
  • You should see a 10-second delay in the response before receiving a 500 error.
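
A defender-side view of the check above, as an added example that is not part of this repository: CVE-2017-9805 is reached through XML request bodies handled by the Struts REST plugin, so the code below scans access-log lines for XML requests to the showcase's orders endpoint and rates the delay-then-500 pattern highest. The log format, the 9000 ms threshold, the severity labels and the sample lines are constructed assumptions.

```python
import re

# Constructed access-log format (an assumption, not from the repository):
#   client [timestamp] "METHOD path HTTP/x" status duration_ms "content-type"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<ms>\d+) "(?P<ctype>[^"]*)"$'
)

REST_PREFIX = "/struts2-rest-showcase/orders"  # endpoint path used in the README
DELAY_MS = 9000  # assumed threshold, just under the 10 s delay the README describes

# Constructed sample lines, not captured from a real system.
SAMPLE_LOG = """\
10.0.0.5 [12/Mar/2024:10:00:01 +0000] "GET /struts2-rest-showcase/orders/3 HTTP/1.1" 200 41 "-"
10.0.0.9 [12/Mar/2024:10:00:07 +0000] "POST /struts2-rest-showcase/orders/3 HTTP/1.1" 500 10042 "application/xml"
10.0.0.5 [12/Mar/2024:10:00:09 +0000] "POST /struts2-rest-showcase/orders HTTP/1.1" 500 35 "application/json"
10.0.0.7 [12/Mar/2024:10:00:12 +0000] "POST /struts2-rest-showcase/orders/4 HTTP/1.1" 200 58 "application/xml"
garbage line that does not parse
"""

def classify(line):
    """Return (severity, fields) for one log line, or None if it is not of interest."""
    m = LINE_RE.match(line.strip())
    if not m or not m["path"].startswith(REST_PREFIX):
        return None
    xml = "xml" in m["ctype"].lower()
    failed = m["status"] == "500"
    slow = int(m["ms"]) >= DELAY_MS
    if xml and failed and slow:
        severity = "high"    # the README's observable: long delay, then a 500
    elif xml and m["method"] in ("POST", "PUT"):
        severity = "review"  # XML body sent to the REST endpoint; worth a look
    else:
        return None
    return severity, m.groupdict()

def scan(text):
    """Classify every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, text.splitlines()) if hit]

if __name__ == "__main__":
    for severity, rec in scan(SAMPLE_LOG):
        print(severity, rec["client"], rec["method"], rec["path"], rec["status"], rec["ms"])
```
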