Struts2近年出现的高危漏洞及相关信息总结

=Start=

缘由：

记得我刚毕业的时候Struts2爆出了一个高危漏洞(Struts2-016)，从此，Struts2框架就走进了我的视线，没想到4年过去了，它依然保持着每年几个高危漏洞的频率和趋势，不负「漏洞之王」的称号。

这篇文章主要就是记录一下近年来出现的和Struts2相关的高危漏洞，以及一些漏洞验证POC/EXP，方便平时进行测试。

正文：

参考解答：

Struts2-Security_Bulletins（Struts2框架的漏洞公告板）
https://struts.apache.org/docs/security-bulletins.html

S2-016 — A vulnerability introduced by manipulating parameters prefixed with “action:”/”redirect:”/”redirectAction:” allows remote command execution
https://struts.apache.org/docs/s2-016.html

S2-029 — Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
https://struts.apache.org/docs/s2-029.html

S2-032 — Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.
https://struts.apache.org/docs/s2-032.html

S2-033 — Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.
https://struts.apache.org/docs/s2-033.html

S2-036 — Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)
https://struts.apache.org/docs/s2-036.html

S2-037 — Remote Code Execution can be performed when using REST Plugin.
https://struts.apache.org/docs/s2-037.html

S2-045 — Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser.
https://struts.apache.org/docs/s2-045.html

S2-046 — Possible RCE when performing file upload based on Jakarta Multipart parser (similar to S2-045)
https://struts.apache.org/docs/s2-046.html

====
site:freebuf.com struts2 远程代码执行
Struts2 exp genxor
====

[更新]Struts2再爆远程代码执行漏洞（S2-016）
http://www.freebuf.com/vuls/11220.html
https://struts.apache.org/docs/s2-016.html # S2-016 (2013-07-17)

Struts2最近几个漏洞分析&稳定利用Payload
http://www.freebuf.com/articles/web/25337.html

Struts2 S2-029远程代码执行漏洞初探
http://www.freebuf.com/vuls/99234.html
S2-029 Struts2 标签远程代码执行分析（含POC）
http://www.freebuf.com/vuls/99432.html

Struts2 S2 – 032远程代码执行分析
http://www.freebuf.com/vuls/102836.html

漏洞预警：Struts 2再曝远程代码执行漏洞S2-037（CVE-2016-4438）
http://www.freebuf.com/news/106954.html

【漏洞预警】Apache Struts2再曝远程代码执行漏洞（S2-046 附PoC）
http://www.freebuf.com/vuls/129871.html

Struts2 历史 RCE 漏洞回顾不完全系列
http://rickgray.me/2016/05/06/review-struts2-remote-command-execution-vulnerabilities.html

StrutsHoneypot：Struts2的蜜罐
http://www.mottoin.com/99098.html

快速搭建Struts2漏洞演示环境(S2-032/033/037/devMode)
http://www.mottoin.com/85519.html

【漏洞预警】Struts 2 被爆远程命令执行漏洞 S2-045
http://www.mottoin.com/97954.html

Struts 2远程命令执行漏洞S2-046
http://www.mottoin.com/98591.html

VulApps: 快速搭建各种漏洞环境
http://www.mottoin.com/88838.html

Struts2 历史版本的漏洞环境
https://github.com/0kami/Struts2Environment

Struts2命令执行各版本记录
http://blog.0kami.cn/2017/01/13/Struts2-history-payload/

Struts2 S2-045 漏洞环境
https://github.com/mottoin/S2-045

支持对以下版本的检测: ST2-005 ST2-009 ST2-013 ST2-016 ST2-019 ST2-devmode ST2-032 ST2-037 ST2-045
https://github.com/Lucifer1993/struts-scan

====

s2-016,s2-019,s2-020
https://github.com/zj–2095/struts2-exp

https://github.com/tony1016/s2-032-exploit

https://github.com/tengzhangchao/Struts2_045-Poc

https://github.com/jas502n/st2-046-poc

https://github.com/coffeehb/Some-PoC-oR-ExP/tree/master/Struts2 # s2-017/020/032/033/037

https://github.com/crown-prince/Go_Struts2

[原创]K8 Struts2 Exp 20170310 S2-045(Struts2综合漏洞利用工具)
# 支持漏洞 (S2-045 devMode S2-032 s2-020 s2-019 s2-016 s2-013 s2-009 S2-005)
http://qqhack8.blog.163.com/blog/static/1141479852014631102759126/

参考链接：

site:freebuf.com struts2 远程代码执行
site:github.com struts2 poc
https://github.com/search?utf8=%E2%9C%93&q=struts2+poc&type=Code
https://www.soulema.com/search?q=struts2+漏洞+环境
https://www.soulema.com/#q=struts2+045+漏洞+环境+war
https://mvnrepository.com/artifact/org.apache.struts/struts2-blank/2.3.32
http://central.maven.org/maven2/org/apache/struts/struts2-blank/2.3.32/struts2-blank-2.3.32.war

=END=

4 4 月, 2017

Docker

KnowledgeBase, Security

exp, POC, RCE, Security, Struts2