Apache Struts2 Gui exploit

Published: 2017.03.11
Credit: Actionspider
Risk: High
CWE: N/A
CVE: CVE-2017-5638
Local: No
Remote: Yes

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Apache Struts remote shell

Apache Struts gui exploit by Actionspider

actionspider@gmail.com

Affected versions:
2.3.5 – 2.3.31
2.5 – 2.5.10




uid=108(tomcat7) gid=114(tomcat7) groups=114(tomcat7)
##################(new line)###################
Linux ip-172-31-39-216 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
##################(new line)###################


exploit:

http://www.megafileupload.com/1qdnc/apache-Struts2.zip
https://ufile.io/a4538
http://s000.tinyupload.com/?file_id=07130670949154550806


youtube:
https://www.youtube.com/watch?v=dOuEKmq41lw



Copyright 2017, cxsecurity.com