Exploiting Apache Struts2 (RCE) with Jexboss (CVE-2017-5638)
https://github.com/joaomatosf/jexboss
Demo RCE in Apache Struts2 Jakarta Multipart Parser (CVE-2017-5638)
To install jexboss and verify your environment:
git clone https://github.com/joaomatosf/jexboss...
cd jexboss
pip install -r requires.txt
python jexboss.py -u http://YOUR_APP --struts2
Exploiting Apache Struts2 (RCE) with Jexboss (CVE-2017-5638)
Reviewed by Anonymous
on
April 23, 2018
Rating: