module

Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution

Disclosed	Created
07/07/2017	06/14/2018

Disclosed

07/07/2017

Created

06/14/2018

Description

This module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote Code Execution can be performed via a malicious field value.

Authors

icez Nixawkxfer0

References

Source Code
History

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

    msf > use exploit/multi/http/struts2_code_exec_showcase
    msf /(e) > show actions
        ...actions...
    msf /(e) > set ACTION < action-name >
    msf /(e) > show options
        ...show and set options...
    msf /(e) > run

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today