- Struts Showcase Application source code packaged in version 2.3.20
- Exploits converted to Python3 from immunio/apache-struts2-CVE-2017-5638
- Download IntelliJ community
- Import from VCS
- File > Project Structure > Project SDK > JDK 1.8
- Install JDK 8 if it is not already installed
- View > Maven > Toggle 'Skip Tests' Mode & Run Maven Build
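
```bash
# Clone the repository and build the container image
git clone https://github.com/samqbush/struts2-showcase.git && cd ./struts2-showcase
docker build -t struts2-showcase:latest ./
# Publish container port 8080 on host port 8360 (all host interfaces by default)
docker run --name struts2-showcase -d -p 8360:8080 struts2-showcase:latest
```
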
Access to the WebUI
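
```bash
# Install pip for Python 3
apt update && apt install -y python3-pip
cd ./Exploits-CVE-2017-5638/
# The argument is the command the exploit script runs on the target
python3 ./exploit3.py 'touch pwned.txt'
python3 ./exploit3.py ls
python exploit3.py dir
```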
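
CVE-2017-5638 is triggered by an OGNL expression in the request's `Content-Type` header, so the lab traffic can be checked from the defender's side by validating that header against the media-type grammar. The following is an added example, not code from this repository; the tab-separated log format and the sample lines are constructed assumptions (default Tomcat access logs do not record `Content-Type`).

```python
import re

# RFC 7231 media-type grammar: type "/" subtype *( ";" name "=" value )
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
MEDIA_TYPE = re.compile(
    rf'^{TOKEN}/{TOKEN}(?:\s*;\s*{TOKEN}=(?:{TOKEN}|"[^"\\]*"))*\s*$'
)
# OGNL expression delimiters (%{...} or ${...}) never occur in a valid media type.
OGNL_EXPR = re.compile(r"[%$]\{")

# Constructed sample, one request per line: "METHOD PATH<TAB>Content-Type".
# "-" means the request carried no Content-Type header. Line 4 holds a
# harmless arithmetic expression standing in for an exploit attempt.
SAMPLE_LOG = "\n".join([
    "GET /index.action\t-",
    "GET /index.action\ttext/html",
    "POST /upload.action\tmultipart/form-data; boundary=----x1",
    "GET /index.action\t%{(#_='multipart/form-data').(#a=1+1)}",
    'POST /index.action\tapplication/json; charset="UTF-8"',
    "POST /index.action\ttext/html, multipart/form-data",
])


def classify(content_type):
    """Return 'ok', 'malformed' or 'ognl-expression' for one header value."""
    if content_type in ("", "-"):
        return "ok"  # header absent
    if OGNL_EXPR.search(content_type):
        return "ognl-expression"
    if not MEDIA_TYPE.match(content_type):
        return "malformed"
    return "ok"


def scan(log_text):
    """Return (line number, verdict, request) for every suspicious record."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        request, _, content_type = line.partition("\t")
        verdict = classify(content_type)
        if verdict != "ok":
            findings.append((lineno, verdict, request))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same grammar check can run as a request filter or reverse-proxy rule in front of the application, rejecting any request whose `Content-Type` is not a well-formed media type.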