CVE-2018-11776

Published: 22/08/2018 Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 958
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin such as the Convention Plugin) and either of the following holds: results are used with no namespace while their upper package has no namespace or a wildcard namespace; or, similarly, a url tag is used with no value and no action set while its upper package has no namespace or a wildcard namespace.

Vulnerable Product

apache struts

Vendor Advisories

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when usin ...
A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because the affected software insufficiently validates user-supplied input, allowing the use of results with no namespace value and the use of url tags with no value or action. In cases where upp ...

Exploits

#!/usr/bin/env python3 # coding=utf-8 # ***************************************************** # struts-pwn: Apache Struts CVE-2018-11776 Exploit # Author: # Mazin Ahmed <Mazin AT MazinAhmed DOT net> # This code uses a payload from: # github.com/jas502n/St2-057 # ***************************************************** import argparse im ...
#!/usr/bin/python # -*- coding: utf-8 -*- # hook-s3c (github.com/hook-s3c), @hook_s3c on twitter import sys import urllib import urllib2 import httplib def exploit(host,cmd): print "[Execute]: {}".format(cmd) ognl_payload = "${" ognl_payload += "(#_memberAccess['allowStaticMethodAccess']=true)" ognl_payload += "(#cmd='{}')"f ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE # Eschewing CmdStager for now, since the use of '\' and ';' a ...
This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* paylo ...
Apache versions 2.3 up to 2.3.34 and 2.5 up to 2.5.16 remote code execution exploit ...

Github Repositories

A browser extension for OSINT search

Mitaka Mitaka is a browser extension that makes your OSINT (Open Source Intelligence) search & scan easier

Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts.

Apache-Struts-0Day-Exploit Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts. Installation: git clone github.com/LightC0der/Apache-Struts-0Day-Exploit/ Usage: python Apache_Struts.py URL : www.example.com/ Shell : "Commands" i.e. ls, dir, whoami

Find SearchSploit exploits by CVE-IDs / dpkg status file

cvesploit Find SearchSploit exploits by CVE-IDs / dpkg status file. CVE Mode: Vulnerability Scanners often return the CVE-IDs in their scans. ./cvesploit CVE-2018-11776 CVE-2018-11776 Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) exploits/linux/remote/45260.py Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 -

Apache Struts CVE-2018-11776 Python PoC This is based on github.com/hook-s3c/CVE-2018-11776-Python-PoC The container build and instructions did not work as described in the README, so this fork was created. The POC exploit used is from Rapid7. Shoutout: hook-s3c (github.com/hook-s3c), @hook_s3c on twitter; Rapid7 rapid7/metasploit-framework#8064 Introduction Man

cve-2018-11776

CVE-2018-11776 This is part of Cved: a tool to manage vulnerable docker containers. Cved: github.com/git-rep-src/cved Image source: github.com/cved-sources/cve-2018-11776 Image author: github.com/knqyf263/CVE-2018-11776

[CVE-2022-26134] Confluence Pre-Auth Object-Graph Navigation Language (OGNL) Injection

[CVE-2022-26134] Confluence Pre-Auth Object-Graph Navigation Language (OGNL) Injection. Confluence is a web-based workspace collaboration product that is developed by Atlassian. It can be deployed on-prem or as part of Atlassian Cloud. It consists of 3 key features: page, space and page tree. Page: Your content lives in pages – living documents you create on your Conflue

Environment for CVE-2018-11776 / S2-057 (Apache Struts 2)

CVE-2018-11776 Environment for CVE-2018-11776 / S2-057 Demo Run server $ docker run -d --hostname strut

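CodeQL study notes

CodeqlNote Notes from learning CodeQL; there really is very little material available in China. These were jotted down casually from excerpts of various experts' articles, so they are fairly messy, and I will tidy them up when I find time. These notes are still being organized; if you are interested in CodeQL, I recommend going straight to the articles I have collected at the end!!! CodeQL is essentially about writing all kinds of filter conditions and data-flow tracking; to me it feels just like writing object-oriented SQL, so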

BugBounty Tool

Domainker Setup: Python pypi package got removed; if you want to use this tool follow the steps below. Manual setup: git clone github.com/BitTheByte/Domainker cd Domainker pip install -r requirements.txt python domainker.py How to use: I developed this tool to be easily managed and upgraded so I created it as small plugin systems c

Resources related to GitHub Security Lab

GitHub Security Lab This is the main git repository of GitHub Security Lab. We use it for these main purposes: We share with our community some best practices about security research and vulnerability disclosures in our docs. We use issues on this repo to track CodeQL bounty requests. We use it for publishing some of our proof-of-concept exploits (after the vulnerability has be

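Book recommendation system

WsylibBookRS Main content: solves the problem that the school's current library management system does not let students recommend books to the library; it has been tested in use and is suitable for a production environment. Technologies used: spring 4.3.18, spring jdbc 4.3.18, struts 2.5.18, mysql 5.7. Development environment: eclipse, maven 3.5. Suggestions and pull requests: if you are interested in this project, please lift your noble little hand and fork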

CVE-2018-11776(S2-057) EXPLOIT CODE

CVE-2018-11776 On August 23, 2018, Apache Struts2 published its latest security bulletin: Apache Struts2 has a high-severity remote code execution vulnerability. The vulnerability was reported by a security researcher of the Semmle Security Research team and is numbered CVE-2018-11776 (S2-057). In Struts2's XML configuration, if the namespace value is not set and, in the (Action Configuration), no namespace or a wildcard namespace is set, this may lead to remote

Deep Security Smart check reporting module Maintained by ShunyEka Systems Pvt Ltd. This module shows how to use the Deep Security Smart Check API to retrieve the vulnerability findings from the last scan on an image. See the API reference documentation for more things you can do with the Deep Security Smart Check API. Get started: Usage with docker plugin: docker run -v <

Deep Security Smart check reporting module Maintained by Tejas Sheth. This module shows how to use the Deep Security Smart Check API to retrieve the vulnerability findings from the last scan on an image. See the API reference documentation for more things you can do with the Deep Security Smart Check API. Get started: Usage with docker plugin: docker run -v <Directory to s

CVE-2021-26084 - Confluence Server Webwork OGNL injection

CVE-2021-26084 Introduction: This write-up provides an overview of CVE-2021-26084 - Confluence Server Webwork OGNL injection [1] that would allow an authenticated user to execute arbitrary code on a Confluence Server or Data Center instance. TL;DR: Confluence Server / Data Center makes use of Webwork 2 MVC framework to process web requests and the view layer primarily consists of

CVE-2018-11776 is a security vulnerability in Apache Struts, a popular framework for developing web applications. This vulnerability allows attackers to carry out remote attacks by injecting malicious code into the data fields of an HTTP request. L

Apache-Struts-v3 The script combines 3 RCE-type vulnerabilities in ApacheStruts, and can also create a server shell. SHELL: php (function finished :)), jsp (function in development). CVE ADD: CVE-2013-2251 'action:', 'redirect:' and 'redirectAction'; CVE-2017-5638 Content-Type; CVE-2018-11776 'redirect:

Mitaka Mitaka is a browser extension for OSINT search which can: Extract & refang IoC from a selected block of text. E.g. example[.]com to example.com, test[at]example.com to test@example.com, hxxp://example.com to http://example.com, etc. Search / scan it on various engines. E.g. VirusTotal, urlscan.io, Censys, Shodan, etc. Features Supported IOC types name

Struts2 S2-059 Remote Code Execution Vulnerability (CVE-2019-0230) The Apache Struts2 framework performs a second evaluation of the attribute values of certain tags, such as the ID attribute, so an attacker can inject an OGNL expression by supplying an OGNL expression that will be evaluated again when the tag attribute is rendered. As a result, code can be remotely

Apache-Struts-v3 The script combines 3 RCE-type vulnerabilities in ApacheStruts, and can also create a server shell. SHELL: php (finished), jsp (in progress). CVE ADD: CVE-2013-2251 'action:', 'redirect:' and 'redirectAction'; CVE-2017-5638 Content-Type; CVE-2018-11776 'redirect:' and 'redirectAction

awesome-java-security-checklist (on Java security: Java basics / auditing / remediation / design / standards)

awesome-java-security-checklist I am getting started on Java security and am sharing and summarizing the related material I have found while learning; it is continuously updated. Everyone is welcome to star it and submit new content in support, and to help correct and improve it. All material was collected from the internet; if an author is not credited and this infringes your rights, please contact h4x0er[at]secbugorg promptly to have it removed or modified. If you like it, please click Star; if you do not plan to contribute,

An exploit for Apache Struts CVE-2018-11776

struts-pwn - CVE-2018-11776 Exploit An exploit for Apache Struts CVE-2018-11776. Usage: Check if the vulnerability exists against a single URL: python struts-pwn.py --url 'example.com/demo/struts2-showcase/index.action' Check if the vulnerability exists against a list of URLs: python struts-pwn.py --list 'urls.txt' Exploit a single URL: python struts-pw

St2-057 Poc Example

St2-057 online target environment, Enjoy! 0x01 Set up the environment with docker: github.com/vulhub/vulhub/tree/master/struts2/s2-048 docker-compose up -d 0x02 Set up the st2-057 vulnerable environment: docker exec -i -t 88fd8d560155 /bin/bash (start in the background and enter the docker container). According to the announcement struts.apache.org/releases.html Releas

Working Python test and PoC for CVE-2018-11776, includes Docker lab

CVE-2018-11776-Python-PoC hook-s3c (github.com/hook-s3c), @hook_s3c on twitter. Working Python test and PoC for CVE-2018-11776, originally appearing on: github.com/hook-s3c/CVE-2018-11776-Python-PoC What's going on? Man Yue Mo from Semmle has disclosed a Struts2 RCE vulnerability, delivered in a payload encoded in the URL path of a request. Versions affected are 2

Vulnerable docker container for CVE-2018-11776

Vulnerable docker container for CVE-2018-11776 # docker pull bhdresh/cve-2018-11776:10 # docker run -dit -p <IP ADDRESS>:8080:8080 bhdresh/cve-2018-11776:10 PoC PoC - 1 Request : <IP ADDRESS>:8080/struts2-showcase-2314/${333+333}/helpaction Result : <IP ADDRESS>:8080/struts2-sh

Creating a vulnerable environment and the PoC

CVE-2018-11776 Proof of Concept exploit so I could quickly assess what sorts of protections and fixes are available. Originally found by Man Yue Mo, Semmle: semmle.com/news/apache-struts-CVE-2018-11776 Semmle had a "Apache Struts RCE - CVE-2018-11776 - PoC Exploit Demo" YouTube video up for a bit, but I believe it's gone or, at least, no longer linked to

CVE-2018-11776 Docker container and POC exploit written in Go. You can build your own image and run it: docker build -t your_image_name . docker container run -it --rm -p 8080:8080 your_image_name Or you can just pull the one I created with love for you: docker container run -it --rm -p 8080:8080 tuxotron/cve-2018-11776

Proof of Concept for CVE-2018-11776

Strutter Proof of Concept for CVE-2018-11776, comes complete with the ability to search Shodan API for targets. CVE-2018-11776: Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn

This was made for testing

Apache-Struts-0Day-Exploit Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts. Installation: git clone github.com/LightC0der/Apache-Struts-0Day-Exploit/ Usage: python Apache_Struts.py URL : www.example.com/ Shell : "Commands" i.e. ls, dir, whoami

CodeQL Workshop: Find bug in apache struts 2 Material used for internal training, prepared with reference to the Github Workshop: github.com/githubsatelliteworkshops/codeql/blob/master/java.md Problem description: For a great many classes of vulnerability, discovery essentially comes down to finding a complete path from unsafe user input to a dangerous operation. CodeQL is very good at finding this kind of problem, greatly

Notes on the process of learning CodeQL

CodeqlLearn Modified from safe6sec's work to better suit myself. AST: www.jianshu.com/p/ff8ec920f5b9 www.jianshu.com/p/4bd5dc13f35a www.jianshu.com/p/68fcbc154c2f Learning process: some articles I read while learning CodeQL on my own: CodeQL from getting started to giving up ✔️ Getting started with CodeQL ✔️ Getting started with CodeQL 2 ✔️ CodeQL notes

s2-057 latest vulnerability analysis and EXP script

Struts2-057/CVE-2018-11776 RCE vulnerability analysis for two versions (with EXP) Ivan@360 Yunying Lab, August 24, 2018. 0x01 Preface: On August 22, 2018, Apache Struts2 published its latest security bulletin: Apache Struts2 has a high-severity remote code execution vulnerability (S2-057/CVE-2018-11776), discovered by Man YueMo, a security researcher of the Semmle Security Research team. The vulnerability arises because, in the Struts2 development framework

Investigation of CVE-2018-11776 vulnerability that allows attackers to remotely execute code and gain control over Apache Struts-based applications.

CVE-2018-11776 Investigation of CVE-2018-11776 vulnerability that allows attackers to remotely execute code and gain control over Apache Struts-based applications. Install and Exploiting: github.com/hook-s3c/CVE-2018-11776-Python-PoC Suricata: The file "test.rules" presents a rule for the Suricata utility. The rule allows network traffic to detect exploitabl

This tool takes advantage of CVE-2018-11776 and Shodan to perform mass exploitation of verified and vulnerable Apache Struts servers.

APACHE STRUTS SHODAN EXPLOIT POC Author: @037 Original code can be found here. This tool takes advantage of CVE-2018-11776 and Shodan to perform mass exploitation of verified and vulnerable Apache Struts servers. Shodan search parameter has been left out to weed out any skids trying to use this tool for malicious reasons. This tool is created to be treated as a proof of conce

A simple exploit for Apache Struts RCE S2-057 (CVE-2018-11776)

S2-057-CVE-2018-11776 A simple exploit for Apache Struts RCE S2-057 (CVE-2018-11776). IMPORTANT: Is provided only for educational or information purposes. Deploy test environment: git clone github.com/vulhub/vulhub cd vulhub/struts2/s2-057 docker-compose up -d Usage: exploit.py <url> <command> <acti

Language Server using LSP meant to be used by IDEs as Snyk Backend for Frontends

Snyk Language Server (Snyk-LS) Supported features: The language server follows the Language Server Protocol and integrates with Snyk Open Source, Snyk Infrastructure as Code and Snyk Code. For the former two, it uses the Snyk CLI as a data provider, for the latter it is connecting directly to the Snyk Code API. Right now the language server supports the following actions: Se

Vulnmap Language Server (Vulnmap-LS) Supported features: The language server follows the Language Server Protocol and integrates with Vulnmap Open Source, Vulnmap Infrastructure as Code and Vulnmap Code. For the former two, it uses the Vulnmap CLI as a data provider, for the latter it is connecting directly to the Vulnmap Code API. Right now the language server supports the f

Puff-Pastry Notes on environment deployment: because network subnets are specified in the docker-compose.yml file, if a subnet conflict occurs, please manually modify the subnet settings of each network in docker-compose.yml. Environment structure overview. Individual environment introduction. web - shiro: the vulnerability ID of this target is CVE-2016-4437, i.e. the Apache Shiro 1.2.4 deserialization vulnerability. The environment is based on Vulhub's example environment: vulhub/sh

Spins up an isolated test environment for experimentation with Apache Struts vulnerability CVE-2018-11776.

Apache Struts Vulnerability Demo (CVE-2018-11776) Description: Spins up an isolated test environment for experimentation with Apache Struts vulnerability CVE-2018-11776. Getting Started: To bring up the test environment, run the following command: aws cloudformation create-stack \ --template-body file://cfn.yml \ --stack-name <STACK_NAME> \ --parameters \ ParameterK

Recent Articles

Thought Patch Tuesday was a load? You gotta check out this Oracle mega-advisory, then
The Register • Shaun Nichols in San Francisco • 16 Oct 2018

And you'll definitely want to check out the libssh flaw

Oracle has released a wide-ranging security update to address more than 300 CVE-listed vulnerabilities in its various enterprise products. The October release covers the gamut of Oracle's offerings, including its flagship Database, E-Business Suite, and Fusion Middleware packages. For Database, the update addresses a total of three flaws. Two of the vulnerabilities (CVE-2018-3259 and CVE-2018-3299) can be remotely exploited without authentication, while the third, CVE-2018-7489, would require th...

Hackers latch onto new Apache Struts megavuln to mine cryptocurrency
The Register • John Leyden • 30 Aug 2018

Underground forums alight with Struts chat, we hear

A recently uncovered critical vulnerability in Apache Struts is already being exploited in the wild. Threat intel firm Volexity has warned that hackers are abusing the CVE-2018-11776 vuln to attack systems running Apache Struts 2, a popular open-source framework for developing applications in Java. Specifically, some nasty characters have abused the flaw while trying to install the CNRig cryptocurrency miner, researchers said. The vulnerability appears to be easier to exploit than the Struts fla...

Apache's latest SNAFU – Struts normal, all fscked up: Web app framework needs urgent patching
The Register • Kieren McCarthy in San Francisco • 22 Aug 2018

Paging Equifax: Time to update again, fellas

Another critical security hole has been found in Apache Struts 2, requiring an immediate update. The vulnerability – CVE-2018-11776 – affects core code and allows miscreants to pull off remote code execution against vulnerable servers and websites. It affects all versions of Struts 2, the popular open-source framework for Java web apps. The Apache Software Foundation has "urgently advised" anyone using Struts to update to the latest version immediately, noting that the last time a critical h...