POC details: 6573c3be0d52413f1b9c99b463173489e2c34166

Source
Related vulnerability
Title: Apache Struts security vulnerability (CVE-2024-53677)
Description: Apache Struts is an open-source project of the Apache Software Foundation (USA): an open-source MVC framework for building enterprise Java web applications, offered mainly as two framework product lines, Struts 1 and Struts 2. Apache Struts versions 2.0.0 up to (but not including) 6.4.0 contain a security vulnerability caused by a flaw in the file upload logic.
Description
A Docker-based environment to reproduce the CVE-2024-53677 vulnerability in Apache Struts 2. 
Introduction
# CVE-2024-53677 - Apache Struts 2 Remote Code Execution Vulnerability (RCE) Reproduction Environment

This repository provides a Docker-based environment to reproduce the CVE-2024-53677 vulnerability in Apache Struts 2. This vulnerability involves path traversal and allows for arbitrary code execution (RCE) through the file upload functionality in Struts 2.

## Source

This reproduction environment is based on the CVE-2023-50164 repository, which can be found at:
https://github.com/Trackflaw/CVE-2023-50164-ApacheStruts2-Docker

The original repository demonstrated a file upload vulnerability in Apache Struts 2 (CVE-2023-50164), exploiting path traversal in file uploads. In this repository, we have modified the setup to simulate the CVE-2024-53677 vulnerability.


### Modifications

1. FileUploadInterceptor Integration:
   - We replaced the original file upload handling logic with FileUploadInterceptor, the Struts 2 interceptor that provides file upload support. This change aligns the setup with the root cause of CVE-2024-53677, which lies in improper file upload handling.
2. Disabling File Type Validation:
   - For this reproduction, we disabled file type validation to simplify the process and allow any file type (e.g., .jsp, .php, .war) to be uploaded. This lowers the effort needed to reproduce the vulnerability.

## Setup Instructions

The environment can be built and run using Docker. Follow these steps to set up the application:

```sh
git clone https://github.com/c4oocO/CVE-2024-53677-Docker.git
cd CVE-2024-53677-Docker
# Docker image repository names must be lowercase, so the image is tagged cve-2024-53677
# (container names may keep mixed case)
docker build --ulimit nofile=122880:122880 -m 3G -t cve-2024-53677 .
docker run -p 8080:8080 --ulimit nofile=122880:122880 -m 3G --rm -it --name CVE-2024-53677 cve-2024-53677
# Check that the upload endpoint is reachable
curl http://localhost:8080/upload.action
```
File snapshot

```text
[4.0K] /data/pocs/6573c3be0d52413f1b9c99b463173489e2c34166
├── [1.3K] context.xml
├── [ 612] Dockerfile
├── [1.8K] README.md
├── [4.0K] struts-app
│   ├── [8.9K] mvnw
│   ├── [5.7K] mvnw.cmd
│   ├── [3.7K] pom.xml
│   ├── [4.0K] src
│   │   └── [4.0K] main
│   │       ├── [4.0K] java
│   │       │   └── [4.0K] org
│   │       │       └── [4.0K] trackflaw
│   │       │           └── [4.0K] example
│   │       │               └── [2.0K] Upload.java
│   │       ├── [4.0K] resources
│   │       │   └── [1.2K] struts.xml
│   │       └── [4.0K] webapp
│   │           ├── [ 219] index.html
│   │           └── [4.0K] WEB-INF
│   │               ├── [ 587] error.jsp
│   │               ├── [ 658] success.jsp
│   │               ├── [ 728] upload.jsp
│   │               └── [1.1K] web.xml
│   └── [4.0K] target
│       └── [4.0K] classes
│           ├── [4.0K] org
│           │   └── [4.0K] trackflaw
│           │       └── [4.0K] example
│           │           └── [2.5K] Upload.class
│           └── [1.2K] struts.xml
└── [ 219] tomcat-users.xml

15 directories, 16 files
```