NOMISEC-Ekultek/Strutter

NOMISEC WORKING POC

Exploit for CVE-2018-11776 - Apache Struts 2 Namespace Redirect OGNL Injection

AI Analysis

This repository contains a functional proof-of-concept exploit for CVE-2018-11776, targeting Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16. It includes a payload generator for remote code execution and integrates with the Shodan API for target discovery.

Attack Type

RCE

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1083 - File and Directory Discovery T1059 - Command and Scripting Interpreter

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type remote

Files 3

https://github.com/Ekultek/Strutter

Stars 21

Forks 5

Last Push Sep 12, 2018

Authors

Ekultek

Vulnerability

CVE-2018-11776

Apache Struts 2 Namespace Redirect OGNL Injection

HIGH KEV

CVSS 8.1