CVE-2017-9805
HIGH | KEV | RANSOMWARE | NUCLEI
Apache Struts 2 REST Plugin XStream RCE
Title source: metasploit
Exploitation Summary
CVE-2017-9805 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns.
EIP tracks 26 public exploits from researchers including Warflop, qazbnm456, and mazen160; these include the Metasploit module exploits/multi/http/struts2_rest_xstream.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This exploit leverages a deserialization vulnerability in Apache Struts 2.5 to 2.5.12 via the REST plugin's XStream handler. It constructs a malicious XML payload to execute arbitrary commands on the target system.
Description
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Exploits (26)
This exploit leverages a deserialization vulnerability in Apache Struts 2.5 to 2.5.12 via the REST plugin's XStream handler. It constructs a malicious XML payload to execute arbitrary commands on the target system.
This repository provides a detailed writeup and references for CVE-2017-9805 (S2-052), a deserialization vulnerability in Apache Struts 2. It includes links to external PoCs, Metasploit modules, and technical analyses but does not contain direct exploit code.
This repository contains a Python-based exploit for CVE-2017-9805, a deserialization vulnerability in Apache Struts2 REST plugin. The exploit leverages XML payloads to achieve remote code execution (RCE) on vulnerable systems.
This is a functional exploit for CVE-2017-9805, targeting Apache Struts via a malicious XML payload that achieves remote code execution (RCE) through deserialization. It supports both single-target exploitation and bulk scanning with a reverse shell callback mechanism.
This is a functional exploit for CVE-2017-9805, targeting Apache Struts 2.5-2.5.12 via deserialization in the REST plugin. It uses XML payload manipulation to execute arbitrary commands on the target system.
This is a Python exploit for CVE-2017-9805, targeting Apache Struts2's XStream REST deserialization vulnerability (S2-052). It crafts a malicious XML payload to execute arbitrary commands on the target system.
This repository provides a detailed writeup and references for CVE-2017-9805 (S2-052), a remote code execution vulnerability in Apache Struts 2. It includes links to external PoCs, Metasploit modules, and technical analyses but does not contain direct exploit code.
This repository contains a Python-based exploit for CVE-2017-9805, a deserialization vulnerability in Apache Struts 2. The exploit leverages a malicious XML payload to achieve remote code execution (RCE) on vulnerable systems.
This is a functional exploit for CVE-2017-9805, leveraging deserialization in Apache Struts REST plugin to achieve remote code execution. The payload uses a crafted XML with Java gadget chains to execute arbitrary commands.
This is a functional exploit for CVE-2017-9805, leveraging XStream deserialization in Apache Struts2 REST Plugin to achieve remote code execution. The PoC constructs a malicious XML payload that triggers command execution via ProcessBuilder when processed by the vulnerable endpoint.
This repository contains a functional Perl exploit for CVE-2017-9805, targeting Apache Struts REST Plugin's XStream deserialization vulnerability. The exploit crafts a malicious XML payload to achieve remote code execution (RCE) on vulnerable systems.
This exploit leverages CVE-2017-9805, a deserialization vulnerability in Apache Struts2 Rest Plugin, to achieve remote code execution via a malicious XML payload. The payload uses Java deserialization gadgets to execute arbitrary commands on the target system.
This is a Python exploit for CVE-2017-9805, leveraging deserialization in Apache Struts2's XStream REST plugin to achieve remote command execution. The PoC crafts a malicious XML payload to trigger arbitrary command execution via ProcessBuilder.
This script checks for the presence of vulnerable Struts2 REST plugin paths by fuzzing common versioned URIs. It does not exploit CVE-2017-9805 but identifies potentially vulnerable endpoints.
This repository contains a working exploit for CVE-2017-9805, a deserialization vulnerability in Apache Struts2 REST plugin. The exploit leverages XML payloads to execute arbitrary commands on the target system.
This repository contains a functional exploit for CVE-2017-9805, leveraging XML deserialization in Apache Struts REST plugin to achieve remote code execution via a crafted payload. The exploit uses a malicious object graph to trigger ProcessBuilder.start() for arbitrary command execution.
This repository contains a functional Python exploit for CVE-2017-9805, leveraging deserialization in Apache Struts 2 via a crafted XML payload. The exploit sends a malicious HTTP PUT request with a serialized payload that triggers remote code execution (RCE) through Java deserialization gadgets.
This repository provides a technical analysis and description of CVE-2017-9805, an RCE vulnerability in Apache Struts 2 due to unsafe XStream deserialization in the REST plugin. It includes details about the vulnerability but does not contain actual exploit code.
This repository contains a proof-of-concept for CVE-2017-9805, which exploits a deserialization vulnerability in Apache Struts REST plugin. The code demonstrates how an attacker can manipulate XML payloads to execute arbitrary commands on the server.
The repository contains a functional Perl exploit for CVE-2017-9805, targeting Apache Struts REST plugin deserialization vulnerability. The exploit crafts a malicious XML payload to achieve remote code execution via XStream deserialization.
This repository contains a functional exploit for CVE-2017-9805, targeting Apache Struts 2.5 to 2.5.12 via deserialization in the REST plugin. The exploit leverages XStream to execute arbitrary commands on the target system.
This repository contains a proof-of-concept for CVE-2017-9805, a REST plugin XStream deserialization vulnerability in Apache Struts. The exploit leverages insecure deserialization to achieve remote code execution (RCE).
This is a Python-based exploit for CVE-2017-9805, targeting Apache Struts2 Rest Plugin XStream RCE. It constructs a malicious XML payload to execute arbitrary commands via deserialization.
This repository contains only a README file with no exploit code or technical details. It appears to be a placeholder or documentation stub for CVE-2017-9805, which is a deserialization vulnerability in Apache Struts.
This script fuzz-tests for CVE-2017-9805 by checking for vulnerable Apache Struts REST plugin paths. It logs potentially vulnerable URIs and optionally launches a Metasploit exploit module.
This Metasploit module exploits CVE-2017-9805, a Java deserialization vulnerability in Apache Struts 2 REST plugin using XStream. It crafts a malicious XML payload to execute arbitrary commands via a ProcessBuilder chain.
Nuclei Templates (1)
http.html:"apache struts" || http.title:"struts2 showcase" || http.html:"struts problem report"
body="struts problem report" || title="struts2 showcase" || body="apache struts"
References (13)
Scores
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H