Neurohazard
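Evening clouds and a misty moon, poring over the classics until the hair turns white; of all the myriad phenomena, thus have I heard.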

S2-015: A Brief Reproduction of the Vulnerability

wpadmin~August 2, 2019 /InfoSec

S2-015: A Brief Analysis of the Vulnerability

Main text

File path: /usr/local/tomcat/webapps/ROOT/WEB-INF/classes/struts.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>

    <!-- <constant name="struts.enable.DynamicMethodInvocation" value="true" /> -->
    <constant name="struts.devMode" value="false" />


    <!-- Add packages here -->
    <package name="S2-015" extends="struts-default">
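        <!-- Wildcard mapping: the text matched by * in the requested action name is substituted into the result path as {1} -->
        <action name="*" class="com.demo.action.PageAction">
            <result>/{1}.jsp</result>
        </action>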

        <!-- ${message} is resolved from the action's message property when the result executes -->
        <action name="param" class="com.demo.action.ParamAction">
            <result name="error">${message}</result>

            <result name="success" type="httpheader">
                <param name="error">305</param>
                <param name="headers.fxxk">${message}</param>
            </result>
        </action>
    </package>
</struts>

References

https://github.com/vulhub/vulhub/blob/master/struts2/s2-015/README.zh-cn.md

Struts S2-015 exploitation (with environment setup and PoC)
https://www.jianshu.com/p/14a0fa48fed0
