CVE-2017-5638

This Metasploit module exploits CVE-2017-5638, a remote code execution vulnerability in Apache Struts via malicious Content-Type header manipulation. It supports both command execution and payload delivery for Unix and Windows systems.

This exploit leverages CVE-2017-5638, a remote code execution vulnerability in Apache Struts2 due to improper handling of Content-Type headers. The payload uses OGNL expression injection to execute arbitrary commands on the target system.

This repository contains a functional Python exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands on the target system.

This repository contains a functional exploit for CVE-2017-5638, an Apache Struts2 RCE vulnerability. The exploit leverages OGNL injection to execute arbitrary commands on vulnerable systems.

This repository contains a functional exploit for CVE-2017-5638 (Struts2 S2-045), which allows remote command execution via a maliciously crafted Content-Type header. The tool includes features for command execution, file upload, and obtaining the target's physical path.

This repository contains multiple Python scripts demonstrating the exploitation of CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploits leverage OGNL injection via malformed Content-Type headers to execute arbitrary commands on the target system.

This repository contains a working proof-of-concept exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2. The exploit leverages a malicious Content-Type header to execute arbitrary commands on the target system.

This repository contains only a README file referencing the Struts2 S2-045 vulnerability (CVE-2017-5638) without any actual exploit code or technical details. It appears to be a placeholder or stub for a vulnerability environment setup.

This is a working proof-of-concept exploit for CVE-2017-5638, targeting a null-byte variant in the Content-Disposition header of Apache Struts2. It leverages OGNL injection to achieve remote code execution (RCE) by crafting a malicious payload in the filename field.

This repository contains a Python-based PoC for CVE-2017-5638, a critical RCE vulnerability in Apache Struts 2. The exploit leverages OGNL injection via malformed Content-Type headers to execute arbitrary commands on vulnerable systems.

This repository contains a functional exploit for CVE-2017-5638, targeting Apache Struts 2.3.5 to 2.3.31 and 2.5 to 2.5.10. The exploit leverages incorrect exception handling in the Jakarta Multipart parser to execute arbitrary commands via crafted HTTP headers.

This repository contains a functional exploit and scanner for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands on vulnerable servers.

This repository contains a functional Python exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands on the target system.

This repository contains a functional PoC for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands on the target system.

This is a Python-based exploit for CVE-2017-5638, targeting Apache Struts2 with an OGNL injection payload to achieve remote code execution. It automates the exploitation process by reading target URLs from a file and sending crafted HTTP requests.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands on the target system.

This repository contains a Python script that exploits CVE-2017-5638, a vulnerability in Apache Struts2 that allows remote command execution via malformed Content-Type headers. The script supports blind and time-based command injection techniques for both Windows and Linux platforms.

This repository contains a writeup and analysis of CVE-2017-5638, a Struts2 RCE vulnerability. It includes a Zeek script for detecting and tracking exploitation attempts, malware URLs, and compromise indicators.

This repository contains a Python script that exploits CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2. The exploit leverages a malformed Content-Type header to execute arbitrary OS commands on vulnerable servers, distinguishing between Linux and Windows targets.

This is a functional exploit for CVE-2017-5638 (Struts2 s2-045), leveraging a malicious Content-Type header to achieve remote code execution (RCE) via OGNL injection. The PoC sends a crafted payload to execute arbitrary commands on vulnerable Struts2 instances.

This PoC demonstrates CVE-2017-5638 by sending a crafted Content-Type header with an OGNL expression to test for vulnerability in Apache Struts2. It safely checks for the presence of a custom response header to confirm exploitation potential without executing malicious payloads.

This repository contains a working PoC for CVE-2017-5638, an Apache Struts 2 RCE vulnerability. It includes a Flask-based WAF simulation and a script to check and exploit the vulnerability via OGNL injection.

This is a functional exploit for CVE-2017-5638, targeting Apache Struts 2. It leverages OGNL injection to achieve remote command execution (RCE) on vulnerable systems.

This repository contains a Python-based interactive shell exploit for CVE-2017-5638, an Apache Struts2 RCE vulnerability. The PoC constructs an OGNL payload to execute arbitrary commands on the target system via a vulnerable Struts endpoint.

This repository contains functional exploit code for CVE-2017-5638 (Apache Struts2 S2-045) and CVE-2021-41773 (Apache HTTP Server path traversal). It includes scripts for reconnaissance, initial foothold, lateral movement, and remote code execution, demonstrating a full kill chain in a Docker-based lab environment.

This repository contains a bash script designed to scan for Apache Struts libraries on a system, identifying their versions and paths. It does not exploit CVE-2017-5638 but helps in assessing vulnerability exposure.

This is a functional exploit for CVE-2017-5638, leveraging OGNL injection in Apache Struts2 to achieve remote command execution. It supports both single command execution and a pseudo-interactive shell.

The repository contains only a README with a placeholder usage example for a Struts exploit. No actual exploit code or technical details are provided.

The repository contains only a README with a usage example for an exploit named 'Strutshock' targeting CVE-2017-5638, but no actual exploit code or technical details are provided.

This repository contains a PHP-based mass exploiter for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2. The exploit leverages OGNL injection to execute arbitrary commands on vulnerable systems.

This is a functional exploit for CVE-2017-5638, leveraging an OGNL injection vulnerability in Apache Struts2 to execute arbitrary commands. The payload constructs a malicious Content-Type header to trigger remote code execution.

This repository contains a Docker-based lab demonstrating exploitation and defense against CVE-2017-5638 (Apache Struts2 S2-045). It includes a vulnerable Struts 2.3.31 application and a patched Struts 6.3.x application with WAF protection.

This is a Python-based exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. It leverages OGNL injection via the Content-Type header to execute arbitrary commands on vulnerable systems.

This repository contains a functional Python-based PoC for CVE-2017-5638, a critical RCE vulnerability in Apache Struts 2. The exploit leverages OGNL expression injection via the Content-Type header to execute arbitrary commands on vulnerable systems.

This repository contains a functional exploit for CVE-2017-5638, leveraging OGNL injection in Apache Struts 2 to achieve remote command execution. The PoC constructs a malicious HTTP request with an OGNL payload to execute arbitrary commands on the target system.

This is a functional exploit for CVE-2017-5638, leveraging an OGNL injection vulnerability in Apache Struts2 to achieve remote command execution. The script constructs a malicious Content-Type header to execute arbitrary commands on the target system.

This repository contains a Python script that exploits CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2. The exploit leverages incorrect exception handling in the Jakarta Multipart parser to execute arbitrary commands via crafted HTTP headers.

This repository contains a functional proof-of-concept exploit for CVE-2017-5638, leveraging OGNL injection in Apache Struts2 to achieve remote code execution via malicious Content-Type headers. The PoC includes a custom Command class and demonstrates command execution through ProcessBuilder.

This is a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2. It leverages OGNL injection to execute arbitrary commands on vulnerable systems.

This repository contains a proof-of-concept exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2. The exploit leverages a malicious Content-Type header to execute arbitrary commands via the Struts REST plugin.

This is a Java-based proof-of-concept exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. It leverages a crafted Content-Type header to execute arbitrary commands on vulnerable systems.

This PoC exploits CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2. It writes a JSP webshell to the target server and provides a pseudo-shell interface for command execution.

This repository contains a functional exploit for CVE-2017-5638, leveraging an OGNL injection vulnerability in Apache Struts2 to achieve remote command execution. The exploit constructs a malicious Content-Type header to execute arbitrary commands on the target system.

This repository contains two bash scripts demonstrating remote code execution (RCE) exploits for CVE-2017-5638 (S2-046) and CVE-2017-5638 (S2-045) in Apache Struts2. The exploits leverage OGNL injection via malformed Content-Type headers to execute arbitrary commands (e.g., 'id' or 'whoami').

This is a functional PHP exploit for CVE-2017-5638, leveraging OGNL injection in Apache Struts2 to achieve remote code execution. The payload constructs a malicious Content-Type header to execute arbitrary commands on the target system.

This repository provides a Tomcat Valve implementation to mitigate CVE-2017-5638 (Struts2 RCE) by rejecting requests with OGNL expressions in the Content-Type header. It is a defensive tool rather than an exploit.

The repository contains a detailed technical analysis of CVE-2017-5638, including multiple images and a README. The images appear to be screenshots or diagrams explaining the vulnerability, likely covering root cause analysis, exploit mechanics, or patch diffs.

This repository contains a project proposal and README for an academic analysis of CVE-2017-5638, a remote code execution vulnerability in Apache Struts. It outlines objectives, methodology, and expected outcomes but does not include exploit code or technical details.

This repository contains a functional Docker-based lab environment demonstrating a multi-stage attack chain exploiting CVE-2017-5638 (Apache Struts2 OGNL injection) and CVE-2021-41773 (Apache HTTP Server path traversal/RCE). It includes fully automated exploit scripts, IDS monitoring, and realistic network pivoting.

This repository contains a functional exploit for CVE-2017-5638, including a vulnerable Struts2 server and a PowerShell exploit script that demonstrates the OGNL injection leading to RCE. It also includes detailed technical documentation and diagrams explaining the attack chain.

This repository contains a functional exploit PoC for CVE-2017-5638, an OGNL injection vulnerability in Apache Struts2. It includes a vulnerable backend (Struts2 2.3.28) and a PowerShell exploit script demonstrating the attack via malicious Content-Type header injection.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages an OGNL injection flaw in the REST plugin to execute arbitrary commands on the target system.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages an OGNL injection flaw in the REST plugin to execute arbitrary commands on the target system.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands on the target system. The repository includes a Dockerfile for setting up a vulnerable environment and a Python script to demonstrate the exploit.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands on the target system. The repository includes a Docker setup for testing the exploit against a vulnerable Struts2 application.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages a malicious Content-Type header to execute arbitrary commands on the target system. The repository includes a Dockerfile to set up a vulnerable environment and a Python script to demonstrate the exploit.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. It includes a Dockerized vulnerable application and a Python exploit script that leverages OGNL injection to execute arbitrary commands.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages an OGNL injection flaw in the REST plugin to execute arbitrary commands on the target system.

This repository provides a functional Docker-based lab environment for testing CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. It includes a vulnerable container setup and a working exploit example using a crafted Content-Type header.

This repository contains a proof-of-concept exploit for CVE-2017-5638, an Apache Struts2 RCE vulnerability. The exploit leverages a malicious Content-Type header to execute arbitrary code via OGNL injection.

This repository contains only a README file describing CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. No actual exploit code or proof-of-concept is present.

This repository contains a real-time anomaly detection system for CVE-2017-5638, an RCE vulnerability in Apache Struts. It uses behavioral analysis, byte-level n-gram extraction, and probabilistic data structures to detect exploitation attempts without relying on signatures.

This is a functional Python-based PoC for CVE-2017-5638, exploiting a Remote Code Execution vulnerability in Apache Struts 2 via a maliciously crafted Content-Type header. The exploit leverages OGNL injection to execute arbitrary commands on the target system.

This repository contains minimal Java code for a Struts2 project but lacks any exploit implementation for CVE-2017-5638. It only includes a basic build configuration and a trivial Action class.

This repository contains a deliberately vulnerable Struts 2 web application designed to demonstrate CVE-2021-44228 (Log4Shell). The application includes vulnerable components that allow for remote code execution via Log4j logging.

This repository contains a functional proof-of-concept exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands on the target system.

This repository contains a Python script designed to scan for CVE-2017-5638 (Apache Struts 2 RCE) by injecting a benign HTTP header and checking for its presence in the response. It supports multithreading for large-scale validation.

This is a functional exploit for CVE-2017-5638, targeting Apache Struts 2.3.5 to 2.3.31 and 2.5 to 2.5.10. It leverages an OGNL injection vulnerability to achieve remote command execution (RCE) by manipulating the Content-Type header.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2. The exploit leverages OGNL injection via a maliciously crafted Content-Type header to execute arbitrary commands on the target system.

This repository contains a functional PoC for CVE-2017-5638, exploiting an OGNL injection vulnerability in Apache Struts2 via malformed Content-Type headers. It includes a custom Command class and demonstrates command execution via ProcessBuilder.

This repository contains a working exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages an OGNL injection flaw in the REST plugin to execute arbitrary commands on the target system.

This repository contains two Python-based exploits for CVE-2017-5638, a critical RCE vulnerability in Apache Struts 2. The exploits leverage OGNL injection via malformed Content-Type headers to execute arbitrary commands on the target system.

This repository provides a detailed writeup on CVE-2017-5638, a critical RCE vulnerability in Apache Struts 2 due to OGNL expression injection in HTTP headers. It includes vulnerability details, exploit mechanics, and a case study on the Equifax breach.

This repository contains multiple proof-of-concept exploits for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2. The exploits demonstrate command injection via malformed Content-Type headers, targeting vulnerable Struts applications.

This repository provides a Docker-based environment to test CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2.3.31. It includes a curl command with an OGNL payload to exploit the vulnerability and execute arbitrary commands.

This is a Python3 port of the original CVE-2017-5638 exploit for Apache Struts2 S2-045. It leverages an OGNL injection vulnerability to execute arbitrary commands on the target system.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. It includes a mass scanner (dorker) to find vulnerable targets and an exploit script to execute arbitrary commands or spawn reverse shells.

This is a functional exploit for CVE-2017-5638, leveraging an OGNL injection vulnerability in Apache Struts2 to achieve remote command execution. The payload constructs and executes arbitrary commands via a crafted Content-Type header.

This repository contains a working Python exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2. The exploit leverages OGNL injection to execute arbitrary commands on the target system.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2. The exploit uses a crafted Content-Type header with OGNL injection to execute arbitrary commands on the target system.

This repository contains a writeup for CVE-2017-5638, the Apache Struts 2 vulnerability that led to the Equifax breach. It describes how to apply and patch against the exploit but does not include functional exploit code.

This Go-based tool scans for CVE-2017-5638 (Apache Struts2 RCE) by sending a crafted Content-Type header and checking for a custom response header. It supports concurrent scanning of multiple targets and ports.

This repository contains a functional proof-of-concept exploit for CVE-2017-5638, an Apache Struts2 RCE vulnerability. It includes scripts to scan for vulnerable targets and execute arbitrary commands via a crafted Content-Type header.

This is a functional exploit for CVE-2017-5638, targeting Apache Struts2 with an OGNL injection payload to achieve remote code execution. It includes a mass scanner capability and an interactive shell for command execution.

This repository provides instructions for setting up a vulnerable Docker environment for CVE-2017-5638, a critical Apache Struts 2 RCE vulnerability. It includes steps to build and run a Docker container with a vulnerable Tomcat instance and references a vulnerable Struts application.

The repository contains only a README.md file with the CVE identifier and no exploit code or technical details. It appears to be a placeholder or incomplete submission.

This Go-based PoC exploits CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. It crafts a malicious Content-Type header with an OGNL expression to execute arbitrary commands on the target system.

This repository contains two Python scripts for exploiting CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. One script is a full exploit that executes arbitrary commands, while the other is a detection script that checks for vulnerability presence.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands on vulnerable systems.

This repository contains a functional exploit for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages an OGNL injection flaw to execute arbitrary commands on the target system.

This repository contains a Python script that automates the exploitation of CVE-2017-5638 (Apache Struts2 S2-045) by crawling Google search results for vulnerable URLs and executing arbitrary commands via an OGNL injection payload.

This is a Metasploit module for CVE-2017-5638, exploiting a remote command execution vulnerability in Apache Struts versions <= 2.5.10 via malformed Content-Type headers. It includes a check method to verify vulnerability and supports Linux targets with a bind shell payload.

This repository contains multiple proof-of-concept exploits for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2. The exploits leverage OGNL injection to execute arbitrary commands on vulnerable systems.

This repository contains a working PoC for CVE-2017-5638, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands on the target system.

This repository contains a Telegram bot that automates the exploitation of CVE-2017-5638 (Apache Struts2 RCE) to build and manage a botnet. It includes functionality to test vulnerabilities, execute commands on compromised servers, and manage multiple targets via Telegram commands.

This PoC exploits CVE-2017-5638, a remote code execution vulnerability in Apache Struts2 due to improper handling of Content-Type headers. The script sends a malicious OGNL expression via a multipart/form-data request to execute arbitrary commands.

This is a Metasploit Framework test suite for vulnerability information retrieval, specifically testing the MCP (Metasploit Communication Protocol) tool for querying vulnerability data, including CVE-2017-5638 (Apache Struts RCE). It does not contain exploit code but validates the functionality of vulnerability scanning and data retrieval.

This Metasploit module exploits CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2.3.5-2.3.31 and 2.5-2.5.10 via OGNL injection in the Content-Type header. It supports command execution and payload delivery for multiple platforms.