Company of IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2017-9791

Description

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

POC

Reference

- https://www.exploit-db.com/exploits/42324/

- https://www.exploit-db.com/exploits/44643/

Github

- https://github.com/0day666/Vulnerability-verification

- https://github.com/20142995/pocsuite3

- https://github.com/20142995/sectool

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/CrackerCat/myhktools

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/GhostTroops/myhktools

- https://github.com/HimmelAward/Goby_POC

- https://github.com/IanSmith123/s2-048

- https://github.com/IkerSaint/VULNAPP-vulnerable-app

- https://github.com/JFR-C/Boot2root-CTFs-Writeups

- https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups

- https://github.com/Micr067/CMS-Hunter

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/Practical-Technology/webcve-scan

- https://github.com/SecWiki/CMS-Hunter

- https://github.com/SexyBeast233/SecBooks

- https://github.com/Z0fhack/Goby_POC

- https://github.com/Zero094/Vulnerability-verification

- https://github.com/atdpa4sw0rd/Experience-library

- https://github.com/binfed/cms-exp

- https://github.com/brunsu/woodswiki

- https://github.com/copperfieldd/CMS-Hunter

- https://github.com/djschleen/ash

- https://github.com/do0dl3/myhktools

- https://github.com/dragoneeg/Struts2-048

- https://github.com/foospidy/web-cve-tests

- https://github.com/gh0st27/Struts2Scanner

- https://github.com/hktalent/myhktools

- https://github.com/ice0bear14h/struts2scan

- https://github.com/iqrok/myhktools

- https://github.com/jas502n/st2-048

- https://github.com/kaizer168/Security-03-04

- https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups

- https://github.com/khodges42/Etrata

- https://github.com/linchong-cmd/BugLists

- https://github.com/lnick2023/nicenice

- https://github.com/nixawk/labs

- https://github.com/oneplus-x/MS17-010

- https://github.com/pctF/vulnerable-app

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/shuanx/vulnerability

- https://github.com/soosmile/cms-V

- https://github.com/tdcoming/Vulnerability-engine

- https://github.com/touchmycrazyredhat/myhktools

- https://github.com/trhacknon/myhktools

- https://github.com/woods-sega/woodswiki

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/xfer0/CVE-2017-9791

- https://github.com/yige666/CMS-Hunter