CVE-2017-5638 PoC Code in Python | DORK: ext:action

Example PoC Code for CVE-2017-5638 | Apache Struts Exploit | DORK: ext:action

USAGE: python struts.py https://victim.site dir

The initial Python Script that was Posted didn't correctly format the Content-Type Header. I recoded the Content Type Header to properly format Content-Type:%20{Exploit}. I also added a logging and Requests, then dumped the Object Properties to stdout.

SAMPLE OUTPUT

Check for CVE-2017-5638 by XSS.Cx

Volume in drive D has no label. Volume Serial Number is 2A7B-A245 Directory of d:\Program Files\Apache Software Foundation\Tomcat 9.0

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
README.md		README.md
curl-poc-for-cve-2017-5638.txt		curl-poc-for-cve-2017-5638.txt
cve-2017-5638.py		cve-2017-5638.py
example-exploit-catalina-dump-file-example-public-domain-logfile.txt		example-exploit-catalina-dump-file-example-public-domain-logfile.txt
one-line-poc.py		one-line-poc.py
sample-output.txt		sample-output.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2017-5638 PoC Code in Python | DORK: ext:action

About

Releases

Packages

Languages

xsscx/cve-2017-5638

Folders and files

Latest commit

History

Repository files navigation

CVE-2017-5638 PoC Code in Python | DORK: ext:action

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages