Tools

St2-048 – Remote Code Execution Vulnerability

St2 048 Remote Code Execution Vulnerability

St2-048 – Remote Code Execution Vulnerability

Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series

> python St2-048.py

set url : https://xx.xx.xx.xx:port/integration/saveGangster.action

cmd >>: whoami
root

 

Summary

Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series

  • Who should read this         All Struts 2 developers and users should read this

  • Impact of vulnerability        Possible RCE when using the Struts 2 Struts 1 plugin

  • Maximum security rating High

  • Recommendation Please read the Solution section

  • Affected Software Struts 2.3.x with Struts 1 plugin and Struts 1 action

  • Reporter icez from Tophant Competence Center

  • CVE Identifier CVE-2017-9791

Problem

It is possible to perform a RCE attack with a malicious field value when using the Struts 2 Struts 1 plugin and it’s a Struts 1 action and the value is a part of a message presented to the user, i.e. when using untrusted input as a part of the error message in the ActionMessage class.

DOWNLOAD

You Might Also Like