NOMISEC-hook-s3c/CVE-2018-11776-Python-PoC

NOMISEC WORKING POC

Exploit for CVE-2018-11776 - Apache Struts 2 Namespace Redirect OGNL Injection

AI Analysis

This repository contains a working Python PoC for CVE-2018-11776, an Apache Struts2 RCE vulnerability. It includes scripts to test vulnerability and execute commands, including reverse shells, via OGNL injection in URL paths.

Attack Type

RCE

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type remote

Files 5

https://github.com/hook-s3c/CVE-2018-11776-Python-PoC

Stars 123

Forks 49

Last Push Aug 25, 2018

Authors

hook-s3c xfox64x Man Yue Mo jiguang7 Menin_TheMiddle piesecurity

Vulnerability

CVE-2018-11776

Apache Struts 2 Namespace Redirect OGNL Injection

HIGH KEV

CVSS 8.1