Exploit for #VU5930 Code injection in Apache Struts

Vulnerability identifier: #VU5930

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2017-5638

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 35

• May 11, 2023
  • CVE-2017-5638-ApacheStruts2.3.5 (A exploit for CVE-2017-5638. This exploit works on versions 2.3.5-2.3.31 and 2.5 – 2.5.10) [Github]
• March 12, 2021
  • Apache-Struts-2-CVE-2017-5638-Exploit () [Github]
• June 2, 2020
  • Apache-Struts2-RCE-Exploit-v2-CVE-2017-5638 () [Github]
• May 18, 2020
  • Apache-Struts ( An exploit for Apache Struts CVE-2017-5638) [Github]
• May 7, 2020
  • Apache-Struts ( An exploit for Apache Struts CVE-2017-5638) [Github]
• April 7, 2020
  • CVE-2018-11776-Python-PoC (Working Python test and PoC for CVE-2018-11776, includes Docker lab) [Github]
  • struts2_cve-2017-5638 (This is a sort of Java porting of the Python exploit at: https://www.exploit-db.com/exploits/41570/.) [Github]
  • cve-2017-5638 (Example PoC Code for CVE-2017-5638 | Apache Struts Exploit ) [Github]
  • Struts-Apache-ExploitPack (These are just some script which you can use to detect and exploit the Apache Struts Vulnerability (CVE-2017-5638)) [Github]
• March 18, 2020
  • cve5scan (5 CVE scan and exploit) [Github]
  • Alien-Framework (Alien-Framework, it is a framework with many CVE exploits and tools to use in pen-testing.) [Github]
  • strutsy (Strutsy - Mass exploitation of Apache Struts (CVE-2017-5638) vulnerability) [Github]
  • Common-Vulnerability-and-Exploit (This is the Apache Struts CVE-2017-5638 struts 2 vulnerability. The same CVE that resulted in the equifax database breach.) [Github]
  • S2-045 (CVE-2017-5638 - Exploit) [Github]
  • Struts2Shell (An exploit (and library) for CVE-2017-5638 - Apache Struts2 S2-045 bug.) [Github]
  • Apache-Struts ( An exploit for Apache Struts CVE-2017-5638) [Github]
  • Stutsfi (An exploit for CVE-2017-5638 Remote Code Execution (RCE) Vulnerability in Apache Struts 2) [Github]
  • struts2-rce (Exploitable target to CVE-2017-5638) [Github]
  • CVE-2017-5638 (CVE-2017-5638 (PoC Exploits)) [Github]
  • cybersecurity-struts2 (Struts2 Application Vulnerable to CVE-2017-5638. Explains how the exploit of the vulnerability works in relation to OGNL and the JakartaMultiPart parser.) [Github]
  • CVE-2017-5638-Mass-Exploit () [Github]
  • CVE-2017-5638-Apache-Struts2 (Example PHP Exploiter for CVE-2017-5638) [Github]
  • Struts-Apache-ExploitPack (These are just some script which you can use to detect and exploit the Apache Struts Vulnerability (CVE-2017-5638)) [Github]
  • ExpStruts (A php based exploiter for CVE-2017-5638.) [Github]
  • apache-struts2-CVE-2017-5638 (Demo Application and Exploit) [Github]
  • CVE-2017-5638 (Struts02 s2-045 exploit program) [Github]
  • struts2-jakarta-inject (Golang exploit for CVE-2017-5638) [Github]
  • struts-rce (Apache Struts CVE-2017-5638 RCE exploitation) [Github]
  • struts-pwn (An exploit for Apache Struts CVE-2017-5638) [Github]
  • Apache-Struts2-RCE-Exploit-v2-CVE-2017-5638 () [Github]
  • Apache Struts Jakarta Multipart Parser OGNL Injection [Metasploit]
  • Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit) [Exploit-DB]
  • Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution [Exploit-DB]
  • labs (Vulnerability Labs for security analysis) [Github]
  • Apache-Struts-2-CVE-2017-5638-Exploit- (Exploit created by: R4v3nBl4ck end Pacman) [Github]

Vulnerable software:
Apache Struts
Server applications / Frameworks for developing and running applications

Vendor: Apache Foundation