Struts2近年出现的高危漏洞及相关信息总结

本文最后更新于2017年4月4日,已超过 1 年没有更新,如果文章内容失效,还请反馈给我,谢谢!

=Start=

缘由:

记得我刚毕业的时候Struts2爆出了一个高危漏洞(Struts2-016),从此,Struts2框架就走进了我的视线,没想到4年过去了,它依然保持着每年几个高危漏洞的频率和趋势,不负「漏洞之王」的称号。

这篇文章主要就是记录一下近年来出现的和Struts2相关的高危漏洞,以及一些漏洞验证POC/EXP,方便平时进行测试。

正文:

参考解答:

Struts2-Security_Bulletins(Struts2框架的漏洞公告板)
https://struts.apache.org/docs/security-bulletins.html

S2-016 — A vulnerability introduced by manipulating parameters prefixed with “action:”/”redirect:”/”redirectAction:” allows remote command execution
https://struts.apache.org/docs/s2-016.html

S2-029 — Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
https://struts.apache.org/docs/s2-029.html

S2-032 — Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.
https://struts.apache.org/docs/s2-032.html

S2-033 — Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.
https://struts.apache.org/docs/s2-033.html

S2-036 — Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)
https://struts.apache.org/docs/s2-036.html

S2-037 — Remote Code Execution can be performed when using REST Plugin.
https://struts.apache.org/docs/s2-037.html

S2-045 — Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser.
https://struts.apache.org/docs/s2-045.html

S2-046 — Possible RCE when performing file upload based on Jakarta Multipart parser (similar to S2-045)
https://struts.apache.org/docs/s2-046.html

====
site:freebuf.com struts2 远程 代码 执行
Struts2 exp genxor
====

[更新]Struts2再爆远程代码执行漏洞(S2-016)
http://www.freebuf.com/vuls/11220.html
https://struts.apache.org/docs/s2-016.html # S2-016 (2013-07-17)

Struts2最近几个漏洞分析&稳定利用Payload
http://www.freebuf.com/articles/web/25337.html

Struts2 S2-029远程代码执行漏洞初探
http://www.freebuf.com/vuls/99234.html
S2-029 Struts2 标签远程代码执行分析(含POC)
http://www.freebuf.com/vuls/99432.html

Struts2 S2 – 032远程代码执行分析
http://www.freebuf.com/vuls/102836.html

漏洞预警:Struts 2再曝远程代码执行漏洞S2-037(CVE-2016-4438)
http://www.freebuf.com/news/106954.html

【漏洞预警】Apache Struts2再曝远程代码执行漏洞(S2-046 附PoC)
http://www.freebuf.com/vuls/129871.html

Struts2 历史 RCE 漏洞回顾不完全系列
http://rickgray.me/2016/05/06/review-struts2-remote-command-execution-vulnerabilities.html

StrutsHoneypot:Struts2的蜜罐
http://www.mottoin.com/99098.html

快速搭建Struts2漏洞演示环境(S2-032/033/037/devMode)
http://www.mottoin.com/85519.html

【漏洞预警】Struts 2 被爆远程命令执行漏洞 S2-045
http://www.mottoin.com/97954.html

Struts 2远程命令执行漏洞S2-046
http://www.mottoin.com/98591.html

VulApps: 快速搭建各种漏洞环境
http://www.mottoin.com/88838.html

Struts2 历史版本的漏洞环境
https://github.com/0kami/Struts2Environment

Struts2命令执行各版本记录
http://blog.0kami.cn/2017/01/13/Struts2-history-payload/

Struts2 S2-045 漏洞环境
https://github.com/mottoin/S2-045

支持对以下版本的检测: ST2-005 ST2-009 ST2-013 ST2-016 ST2-019 ST2-devmode ST2-032 ST2-037 ST2-045
https://github.com/Lucifer1993/struts-scan

====

s2-016,s2-019,s2-020
https://github.com/zj–2095/struts2-exp

https://github.com/tony1016/s2-032-exploit

https://github.com/tengzhangchao/Struts2_045-Poc

https://github.com/jas502n/st2-046-poc

https://github.com/coffeehb/Some-PoC-oR-ExP/tree/master/Struts2 # s2-017/020/032/033/037

https://github.com/crown-prince/Go_Struts2

[原创]K8 Struts2 Exp 20170310 S2-045(Struts2综合漏洞利用工具)
# 支持漏洞 (S2-045 devMode S2-032 s2-020 s2-019 s2-016 s2-013 s2-009 S2-005)
http://qqhack8.blog.163.com/blog/static/1141479852014631102759126/

参考链接:

=END=

声明: 除非注明,ixyzero.com文章均为原创,转载请以链接形式标明本文地址,谢谢!
https://ixyzero.com/blog/archives/3282.html

《Struts2近年出现的高危漏洞及相关信息总结》上有19条评论

  1. Struts RCE Learning
    http://monburan.cn/vulnerability-analysis/2017/06/04/Struts2-RCE.html

    官方git:
    https://github.com/apache/struts

    官方安全公告:
    https://struts.apache.org/docs/security-bulletins.html

    git版本标签等信息:
    https://git-wip-us.apache.org/repos/asf?p=struts.git

    历史版本下载:
    http://archive.apache.org/dist/struts/binaries/

    首先做代码审计的时候要使用git tag 查看 Struts2的版本 git show 对应版本可以看到更新 git diff 用来对比两个版本的不同

    如何使用Docker快速构建S2-045漏洞环境
    http://monburan.cn/configuration/2017/03/09/How-To-Use-Docker-Build-Vulnerability-Environment.html

  2. S2-053 复现分析过程(附POC)
    https://mp.weixin.qq.com/s/4CiKgVn7Y-hWUKRjgECsuA
    https://cwiki.apache.org/confluence/display/WW/S2-053
    Struts Freemarker曝标签远程代码执行中危漏洞(S2-053)
    http://www.freebuf.com/news/137859.html
    【漏洞预警】S2-053:Apache Struts2远程代码执行漏洞(中危)
    http://bobao.360.cn/news/detail/4295.html

    【漏洞分析】360天眼实验室:Struts2 S2-052(CVE-2017-9805)远程代码执行漏洞分析
    http://bobao.360.cn/learning/detail/4380.html

  3. 代码审计指南
    http://blog.nsfocus.net/code-audit-instruction/

    Java Web 代码安全审计实战4-环境加固
    https://www.ibm.com/developerworks/cn/java/j-lo-audit-environmental-reinforcement/index.html

    Java Web 代码安全审计实战3-文件路径操纵、系统日志欺骗、线程安全和资源未释放
    https://www.ibm.com/developerworks/cn/java/j-lo-audit-file-safe/index.html

    Java Web 代码安全审计实战2-SQL 注入
    https://www.ibm.com/developerworks/cn/java/j-lo-audit-sql-injection/index.html

    Java Web 代码安全审计实战1-跨站 XSS
    https://www.ibm.com/developerworks/cn/java/j-lo-audit-xss/index.html

  4. 【预警通告】Apache Struts 2 远程代码执行漏洞CVE-2018-11776
    http://blog.nsfocus.net/cve-2018-11776/
    https://cwiki.apache.org/confluence/display/WW/S2-057

    【处置手册】Apache Struts 2 远程代码执行漏洞cve-2018-11776
    http://blog.nsfocus.net/struts2-s2-057/

    影响范围
      受影响版本(2.3系列 – 2.3.34 / 2.5系列 – 2.5.16)
      不受影响版本(Struts 2.3.35 / Struts 2.5.17)
    漏洞排查
      版本检测
        通过配置文件检测(pom.xml)
        通过组件名检测(struts2-core-*.jar)
    漏洞防护
      官方升级
      临时解决建议(排查所有Struts 2的配置文件,如struts.xml,为没有定义namespace命名空间的package节点添加命名空间配置)
    参考链接

发表评论

电子邮件地址不会被公开。 必填项已用*标注