7.5
CVSSv2

CVE-2016-3087

Published: 07/06/2016 Updated: 12/08/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 803
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote malicious users to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

Affected Products

Vendor Product Versions
ApacheStruts2.3.20, 2.3.20.1, 2.3.24, 2.3.24.1, 2.3.28

Vendor Advisories

Apache Struts 2320x before 23203, 2324x before 23243, and 2328x before 23281, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin ...

Exploits

#!/usr/bin/python # -*- coding: utf-8 -*- import requests import random import base64 upperAlpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" lowerAlpha = "abcdefghijklmnopqrstuvwxyz" numerals = "0123456789" allchars = [chr(_) for _ in xrange(0x00, 0xFF + 0x01)] def rand_base(length, bad, chars): '''generate a random string with chars collection''' ...
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initialize(info = {}) super(update ...

Metasploit Modules

Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution

This module exploits a remote command execution vulnerability in Apache Struts version between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.

msf > use exploit/multi/http/struts_dmi_rest_exec
      msf exploit(struts_dmi_rest_exec) > show targets
            ...targets...
      msf exploit(struts_dmi_rest_exec) > set TARGET <target-id>
      msf exploit(struts_dmi_rest_exec) > show options
            ...show and set options...
      msf exploit(struts_dmi_rest_exec) > exploit

Github Repositories

Metasploitable 3 and Snort rules

IDS-Evasion Index Index Attacks Snort could identify ElasticSearch Dynamic Script Arbitrary Java Execution (CVE-2014-3120) FTP Authentication Scanner (CVE-1999-0502) OpenSSH MaxAuthTries Limit Bypass Vulnerability (CVE-2015-5600) Jenkins-CI Script-Console Java Execution Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution (CVE-2016-3087) ManageEng

METASPLOITABLE 3 GlassFish Ports 4848 - HTTP 8080 - HTTP 8181 - HTTPS Credentials Username: admin Password: sploit Access On Metasploitable3, point your browser to localhost:4848 Login with the above credentials Start/Stop Stop: Open task manager and kill the javaexe process running glassfish Start: Go to Task Scheduler and find the corresponding task Right-cl

Name Description CVE-2015-5531 Directory traversal vulnerability in Elasticsearch before 161 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls CVE-2016-1909 Fortinet FortiAnalyzer before 5012 and 52x before 525; FortiSwitch 33x before 333; FortiCache 30x before 308; and FortiOS 41x before 4111, 42x

Name Description CVE-2015-5531 Directory traversal vulnerability in Elasticsearch before 161 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls CVE-2016-1909 Fortinet FortiAnalyzer before 5012 and 52x before 525; FortiSwitch 33x before 333; FortiCache 30x before 308; and FortiOS 41x before 4111, 42x

No description, website, or topics provided.

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :