7.5
CVSSv2

CVE-2016-3087

Published: 07/06/2016 Updated: 12/08/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 801
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote malicious users to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

apache struts 2.3.20.1

apache struts 2.3.20

apache struts 2.3.24.1

apache struts 2.3.24

apache struts 2.3.28

Vendor Advisories

Apache Struts 2320x before 23203, 2324x before 23243, and 2328x before 23281, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin ...

Exploits

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initialize(info = {}) super(update ...
#!/usr/bin/python # -*- coding: utf-8 -*- import requests import random import base64 upperAlpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" lowerAlpha = "abcdefghijklmnopqrstuvwxyz" numerals = "0123456789" allchars = [chr(_) for _ in xrange(0x00, 0xFF + 0x01)] def rand_base(length, bad, chars): '''generate a random string with chars collection''' ...

Metasploit Modules

Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution

This module exploits a remote command execution vulnerability in Apache Struts version between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.

msf > use exploit/multi/http/struts_dmi_rest_exec
      msf exploit(struts_dmi_rest_exec) > show targets
            ...targets...
      msf exploit(struts_dmi_rest_exec) > set TARGET <target-id>
      msf exploit(struts_dmi_rest_exec) > show options
            ...show and set options...
      msf exploit(struts_dmi_rest_exec) > exploit

Github Repositories

Metasploitable 3 and Snort rules

Please GO THROUGH THE PDF FILE Cybersecurity_base_project_2 Metasploitable 3 and Snort rules Cyber security base – Project 2 Target – Metasploitable 3 Windows Server 2008 &amp; Ubuntu server 14 STEP 1: Run an Nmap Ping sweep scan to look for potential connected devices $ nmap -sP 19216811/24 STEP 2: Identify Target Host – 192168140 STEP 3: Run an nma

Evading Snort Intrusion Detection System.

IDS-Evasion Index Index Attacks Snort could identify ElasticSearch Dynamic Script Arbitrary Java Execution (CVE-2014-3120) FTP Authentication Scanner (CVE-1999-0502) OpenSSH MaxAuthTries Limit Bypass Vulnerability (CVE-2015-5600) Jenkins-CI Script-Console Java Execution Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution (CVE-2016-3087) ManageEng

Solutions to Metasploitable 3

METASPLOITABLE 3 GlassFish Ports 4848 - HTTP 8080 - HTTP 8181 - HTTPS Credentials Username: admin Password: sploit Access On Metasploitable3, point your browser to localhost:4848 Login with the above credentials Start/Stop Stop: Open task manager and kill the javaexe process running glassfish Start: Go to Task Scheduler and find the corresponding task Right-cl

https://51pwn.com,Awesome Penetration Testing,hacker tools collection, metasploit exploit, meterpreter....struts2、weblogic, 0day,poc,apt,backdoor,VulApps,vuln,pentest-script

Twitter: @Hktalent3135773 penetration tools dependencies Command Description kali linux recommend system node js program runtime javac, java auto generate payload metasploit auto generate payload, and autoexploit gcc auto generate payload tmux auto background send payload, shell Bash base64, tr, nc, auto generate payload python auto genera

MS17-010 As all of our research is now in Metasploit master repository

Name Description CVE-2015-5531 Directory traversal vulnerability in Elasticsearch before 161 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls CVE-2016-1909 Fortinet FortiAnalyzer before 5012 and 52x before 525; FortiSwitch 33x before 333; FortiCache 30x before 308; and FortiOS 41x before 4111, 42x

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :