Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
Exploitation Summary
CVE-2023-50164 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 18 public exploits from researchers including jakabakos, dwisiswant0, Trackflaw.
Description
An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file that can be used to perform Remote Code Execution. Users are recommended to upgrade to Struts 2.5.33, Struts 6.3.0.2, or greater to fix this issue.
Exploits (18)
This repository contains a functional exploit for CVE-2023-50164, demonstrating a path traversal vulnerability in Apache Struts that leads to remote code execution (RCE) via malicious file upload. The exploit uploads a WAR file containing a JSP webshell to a vulnerable endpoint, then interacts with the webshell for command execution.
This repository contains a functional exploit PoC for CVE-2023-50164, which targets a path traversal vulnerability in Apache Struts 2. The exploit constructs a malicious WAR file, uploads it via a multipart form, and verifies successful deployment by checking the target path.
This repository provides a Dockerized vulnerable environment for CVE-2023-50164, an Apache Struts 2 file upload vulnerability leading to RCE via path traversal. It includes a vulnerable Java-based upload endpoint with a flawed file extension filter that can be bypassed.
This repository contains a functional Proof of Concept (PoC) for CVE-2023-50164, demonstrating a path traversal vulnerability in Apache Struts that can lead to Remote Code Execution (RCE). The PoC includes vulnerable and patched versions of a file upload action, showcasing the exploit and mitigation.
This repository contains a functional exploit PoC for CVE-2023-50164, which leverages a file upload vulnerability to overwrite arbitrary files on the target system. The script crafts a multipart request to upload a benign file and then overwrites it with a user-specified path, demonstrating the vulnerability.
This repository provides a Dockerized WordPress environment with the vulnerable Really Simple SSL plugin (version 9.1.1.1) to demonstrate CVE-2024-10924, an authentication bypass flaw in the Two-Factor Authentication feature. The setup includes a pre-configured WordPress instance with the vulnerable plugin installed, allowing for testing of the exploit.
This repository contains a functional PoC for CVE-2023-50164, demonstrating a path traversal vulnerability in Apache Struts2 leading to RCE via file upload. The exploit uploads a malicious WAR file containing a JSP webshell, which can then execute arbitrary commands.
This repository contains a functional exploit for CVE-2023-50164, targeting Apache Struts 2's file upload vulnerability to achieve remote code execution (RCE) via path traversal. The exploit crafts a malicious PNG file with embedded JSP code and uploads it to a vulnerable endpoint.
This repository contains a functional exploit for CVE-2023-50164, a file path traversal vulnerability in Apache Struts. The exploit demonstrates arbitrary file upload to achieve remote code execution by leveraging directory traversal sequences in the file upload parameter.
This repository contains a basic Struts 2 application setup with Docker and Kubernetes configurations but lacks any exploit code or technical details for CVE-2023-50164. It appears to be a placeholder for demonstrating Sysdig's detection capabilities rather than a functional PoC.
This repository provides a Dockerfile and a vulnerable WAR file to test CVE-2023-50164, an RCE vulnerability in Apache Struts. The setup includes a pre-configured environment with Tomcat and the vulnerable application, allowing researchers to replicate the exploit.
The repository provides PowerShell and Bash scripts to scan for Struts2 JAR/WAR/EAR files containing 'struts2-core' to identify vulnerable versions. It does not include exploit code but aids in detection.
This repository contains a functional exploit for CVE-2023-50164, demonstrating a path traversal vulnerability in Apache Struts2 to upload a malicious WAR file (webshell.war) to a Tomcat server's webapps directory, achieving remote code execution (RCE). The PoC includes a Dockerized vulnerable application and an exploit script that automates the attack.
This repository contains a functional exploit for CVE-2023-50164, targeting Apache Struts2 with a path traversal vulnerability leading to RCE. The tool includes multiple exploitation methods such as file upload, webshell deployment, and version detection via Docker or system commands.
This repository contains a functional exploit for CVE-2023-50164, demonstrating path traversal and RCE in Apache Struts via manipulated file upload parameters. The exploit uploads a malicious WAR file to achieve remote code execution.
The repository contains functional exploit code for CVE-2023-50164, which targets a vulnerability in Apache Struts2. The exploit uploads a malicious WAR file containing a JSP webshell to achieve remote code execution (RCE).
The repository contains minimal content with incomplete setup instructions and no actual exploit code or technical analysis for CVE-2023-50164. It lacks depth and functional details.
This repository contains a functional exploit for CVE-2023-50164, demonstrating a path traversal vulnerability in Apache Struts file upload functionality. The exploit uploads a malicious WAR file to achieve remote code execution (RCE) via a JSP webshell.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H