CVE-2024-53677

This repository contains a working PoC for CVE-2024-53677, a critical Apache Struts RCE vulnerability. It includes a non-destructive detection script and an exploit script that demonstrates file upload manipulation and remote command execution.

The repository contains functional exploit code for CVE-2024-53677, demonstrating command execution via a session-based shell endpoint in OpenCode. The script includes multi-threaded scanning capabilities and validates vulnerability by checking for 'uid=' and 'gid=' in the response.

This is a functional exploit for CVE-2024-53677, targeting Apache Struts2 file upload vulnerabilities. It allows path traversal and uploads a malicious JSP file to achieve remote code execution.

This repository contains a working PoC for CVE-2024-53677, a file upload vulnerability in Apache Struts 2 that allows path traversal and potential RCE via malicious JSP file uploads. The PoC includes both a non-destructive detection script and an exploit script that uploads a JSP payload for command execution.

This repository provides a functional PoC for CVE-2024-53677, an Apache Struts 2 RCE vulnerability via path traversal in file uploads. It includes a Python script to exploit the vulnerability and a containerized environment for testing.

This is a Python-based exploit for CVE-2024-53677 that uploads a JSP web shell to a vulnerable server and allows remote command execution. The script automates the upload process and provides an interactive shell for executing commands on the target system.

This repository contains a Python script that exploits CVE-2024-53677, a file upload vulnerability in Apache Struts2. The exploit allows arbitrary file upload with path traversal, leading to potential RCE if the uploaded file is executable.

This repository provides a Docker-based environment to reproduce CVE-2024-53677, an Apache Struts 2 RCE vulnerability involving path traversal and arbitrary file upload. The PoC includes a modified file upload handler using FileUploadInterceptor, demonstrating the vulnerability by allowing unrestricted file uploads.

This is a functional exploit for CVE-2024-53677, targeting Apache Struts via path traversal in file upload functionality to achieve RCE. It uploads a malicious WAR file disguised as a GIF, deploys it to the webapps directory, and provides an interactive shell.

This is a Python-based exploit for CVE-2024-53677, targeting Apache Struts 2.0.0-2.5.33 and 6.0.0-6.3.0.2. It leverages a file upload vulnerability with path traversal to deploy a JSP webshell, enabling remote code execution (RCE).

This repository contains a Go-based PoC for CVE-2024-53677, an Apache Struts path traversal vulnerability leading to LFI and RCE. The exploit automates file upload and path discovery to achieve remote code execution.

This PoC exploits a file upload vulnerability in Apache Struts (CVE-2024-53677) by leveraging parameter overwrite and path traversal to upload arbitrary files, potentially leading to remote code execution (RCE) via a webshell.

The repository contains only a README with a brief description of CVE-2024-53677 but no actual exploit code, technical details, or proof-of-concept implementation. It lacks depth and functional content.

This PoC exploits CVE-2024-53677 by uploading a malicious JSP webshell disguised as a JPG file via a file upload vulnerability. It bypasses file extension restrictions by embedding JSP code within a JPG header and uses path traversal to place the shell in a predictable location.

This repository contains a functional PoC for CVE-2024-53677, an Apache Struts2 file upload vulnerability leading to RCE via JSP webshell deployment. It includes a minimal exploit script and a comprehensive tool for detection, version checking, and payload delivery.

This repository provides a detailed writeup on exploiting CVE-2024-53677, a file upload vulnerability in Apache Struts that allows remote code execution via path traversal and OGNL injection. It includes reconnaissance steps, exploitation techniques using BurpSuite, and payload delivery methods.

This repository contains a proof-of-concept for CVE-2024-53677, demonstrating a file upload vulnerability in Apache Struts 6.3.0.1. The exploit leverages OGNL injection to overwrite filenames, allowing arbitrary file uploads.

This repository provides a Docker-based lab environment to reproduce CVE-2024-53677, a path traversal vulnerability in Apache Struts 2's file upload functionality. The included Java code demonstrates the vulnerable file upload mechanism, and the Docker setup allows for easy deployment and testing.

This repository provides a Docker-based lab environment to reproduce CVE-2024-53677, a path traversal vulnerability in Apache Struts 2's file upload functionality. The included Java code demonstrates the vulnerable file upload mechanism that can be exploited for RCE.

This repository contains a functional exploit for CVE-2024-53677, targeting a path traversal vulnerability in Apache Struts' FileUploadInterceptor. The exploit uploads a malicious JSP file to achieve remote code execution (RCE) by bypassing filename sanitization via OGNL expression manipulation.