injcristianrojas/cve-2017-5638

Demo app of THAT data broker's security breach

PythonMIT

CVE-2017-5638

Demo app of, yes, that data broker's security breach. Includes exploit code.

Basic usage (launch)

mvn jetty:run

Then go to http://localhost:8080/basic-struts/index.action. You should see the Welcome to Struts 2! message.

Vulnerability scan

mvn site

Acknowledgements

Exploit code adapted from immun.io's repo.