42627
CVE-2017-9805
Warflop
The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Deserialization of Untrusted Data
- 2.5<2.5.12
- https://nvd.nist.gov/vuln/detail/CVE-2017-9805
- https://www.cvedetails.com/cve/CVE-2017-9805/
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805
- https://www.exploit-db.com/exploits/42627/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2
- https://www.kb.cert.org/vuls/id/112992
- http://www.securityfocus.com/bid/100609
- http://www.securitytracker.com/id/1039263
- https://access.redhat.com/security/cve/CVE-2017-9805
- https://exploit-db.com/exploits/42627/
- https://exploit-db.com/raw/42627/
- **debug**: Debug Mode
- **url**: The Target URL [Format: scheme://host]
- **help**: Display The Help Menu
- **user-agent**: User-Agent To Send To Server
- **cookie**: Cookie String To Use
- **auth**: Credentials To Use For HTTP Login [Format: username:password]
- **cmd**: The Command To Execute On Remote Server
- **proxy**: Proxy Server To Use [Format: scheme://host:port]
- **timeout**: Max Timeout For The HTTP Requests
- **verbose**: Be More Verbose
```
--url [VALUE] : The Target URL [Format: scheme://host]
--user-agent [VALUE] : User-Agent To Send To Server
--cookie [VALUE] : Cookie String To Use
--proxy [VALUE] : Proxy Server To Use [Format: scheme://host:port]
--timeout [VALUE] : Max Timeout For The HTTP Requests
--auth [VALUE] : Credentials To Use For HTTP Login [Format: username:password]
--help : Display The Help Menu
--verbose : Be More Verbose
--debug : Debug Mode
--cmd [VALUE] : The Command To Execute On Remote Server
```