nomisec
WORKING POC
94 stars
by TAM-K592 · poc
https://github.com/TAM-K592/CVE-2024-53677-S2-067
This repository contains a working PoC for CVE-2024-53677, a critical Apache Struts RCE vulnerability. It includes a non-destructive detection script and an exploit script that demonstrates file upload manipulation and remote command execution.
Classification
Working Poc 95%
Target:
Apache Struts 2.0.0 to 2.5.33, 6.0.0 to 6.3.0.2
No auth needed
Prerequisites:
Target running vulnerable Apache Struts version · Access to file upload endpoint
github
WORKING POC
40 stars
by iSee857 · pythonpoc
https://github.com/iSee857/CVE-PoC/tree/main/Struts2(CVE-2024-53677,S2-067).py
The repository contains functional exploit code for CVE-2024-53677, demonstrating command execution via a session-based shell endpoint in OpenCode. The script includes multi-threaded scanning capabilities and validates vulnerability by checking for 'uid=' and 'gid=' in the response.
Classification
Working Poc 95%
Target:
OpenCode (version unspecified)
No auth needed
Prerequisites:
Network access to target · OpenCode session endpoint accessible
nomisec
WORKING POC
15 stars
by EQSTLab · remote
https://github.com/EQSTLab/CVE-2024-53677
This is a functional exploit for CVE-2024-53677, targeting Apache Struts2 file upload vulnerabilities. It allows path traversal and uploads a malicious JSP file to achieve remote code execution.
Classification
Working Poc 95%
Target:
Apache Struts2 versions 2.0.0 to 6.3.0
No auth needed
Prerequisites:
Target server running vulnerable Apache Struts2 version · File upload functionality accessible
nomisec
WORKING POC
9 stars
by cloudwafs · poc
https://github.com/cloudwafs/s2-067-CVE-2024-53677
This repository contains a working PoC for CVE-2024-53677, a file upload vulnerability in Apache Struts 2 that allows path traversal and potential RCE via malicious JSP file uploads. The PoC includes both a non-destructive detection script and an exploit script that uploads a JSP payload for command execution.
Classification
Working Poc 95%
Target:
Apache Struts 2.0.0 - 2.3.37 (EOL), 2.5.0 - 2.5.33, 6.0.0 - 6.3.0.2
No auth needed
Prerequisites:
Target must be running a vulnerable version of Apache Struts 2 · File upload functionality must be exposed and using FileUploadInterceptor
nomisec
WORKING POC
3 stars
by c4oocO · poc
https://github.com/c4oocO/CVE-2024-53677-Docker
This repository provides a Docker-based environment to reproduce CVE-2024-53677, an Apache Struts 2 RCE vulnerability involving path traversal and arbitrary file upload. The PoC includes a modified file upload handler using FileUploadInterceptor, demonstrating the vulnerability by allowing unrestricted file uploads.
Classification
Working Poc 90%
Target:
Apache Struts 2 (specific version not specified)
No auth needed
Prerequisites:
Docker environment · Access to the vulnerable Struts 2 application
nomisec
WORKING POC
3 stars
by shishirghimir · poc
https://github.com/shishirghimir/CVE-2024-53677-Exploit
This is a Python-based exploit for CVE-2024-53677 that uploads a JSP web shell to a vulnerable server and allows remote command execution. The script automates the upload process and provides an interactive shell for executing commands on the target system.
Classification
Working Poc 90%
Target:
Unknown (likely a web application with a vulnerable file upload endpoint)
No auth needed
Prerequisites:
A vulnerable target with an exposed file upload endpoint · Network access to the target server · A JSP shell file named 'shell.jsp'
nomisec
WORKING POC
3 stars
by SeanRickerd · remote
https://github.com/SeanRickerd/CVE-2024-53677
This repository provides a functional PoC for CVE-2024-53677, an Apache Struts 2 RCE vulnerability via path traversal in file uploads. It includes a Python script to exploit the vulnerability and a containerized environment for testing.
Classification
Working Poc 95%
Target:
Apache Struts 2
No auth needed
Prerequisites:
Access to a vulnerable Apache Struts 2 instance · Network connectivity to the target
nomisec
WORKING POC
3 stars
by yangyanglo · remote
https://github.com/yangyanglo/CVE-2024-53677
This repository contains a Python script that exploits CVE-2024-53677, a file upload vulnerability in Apache Struts2. The exploit allows arbitrary file upload with path traversal, leading to potential RCE if the uploaded file is executable.
Classification
Working Poc 90%
Target:
Apache Struts2 (version not specified)
No auth needed
Prerequisites:
Target must allow unrestricted file uploads · Attacker must know the upload endpoint
nomisec
WORKING POC
2 stars
by dustblessnotdust · remote
https://github.com/dustblessnotdust/CVE-2024-53677-S2-067-thread
This is a Python-based exploit for CVE-2024-53677, targeting Apache Struts 2.0.0-2.5.33 and 6.0.0-6.3.0.2. It leverages a file upload vulnerability with path traversal to deploy a JSP webshell, enabling remote code execution (RCE).
Classification
Working Poc 95%
Target:
Apache Struts 2.0.0-2.5.33, 6.0.0-6.3.0.2
No auth needed
Prerequisites:
Access to a vulnerable Struts upload endpoint · Network connectivity to the target
nomisec
WORKING POC
2 stars
by r007sec · remote
https://github.com/r007sec/CVE-2024-53677
This is a functional exploit for CVE-2024-53677, targeting Apache Struts via path traversal in file upload functionality to achieve RCE. It uploads a malicious WAR file disguised as a GIF, deploys it to the webapps directory, and provides an interactive shell.
Classification
Working Poc 95%
Target:
Apache Struts (version not specified)
No auth needed
Prerequisites:
Vulnerable Apache Struts instance with exposed file upload endpoint · Network access to the target
nomisec
WORKING POC
1 stars
by Cythonic1 · remote
https://github.com/Cythonic1/CVE-2024-53677-POC
This repository contains a Go-based PoC for CVE-2024-53677, an Apache Struts path traversal vulnerability leading to LFI and RCE. The exploit automates file upload and path discovery to achieve remote code execution.
Classification
Working Poc 95%
Target:
Apache Struts (version not specified)
No auth needed
Prerequisites:
Target running vulnerable Apache Struts · Network access to the target
nomisec
WORKING POC
1 stars
by punitdarji · remote
https://github.com/punitdarji/Apache-struts-cve-2024-53677
This PoC exploits a file upload vulnerability in Apache Struts (CVE-2024-53677) by leveraging parameter overwrite and path traversal to upload arbitrary files, potentially leading to remote code execution (RCE) via a webshell.
Classification
Working Poc 90%
Target:
Apache Struts (version not explicitly specified, likely affected by S2-067)
No auth needed
Prerequisites:
Target with vulnerable Apache Struts instance · Accessible file upload endpoint · Network connectivity to the target
nomisec
WORKING POC
by 0xPThree · remote
https://github.com/0xPThree/struts_cve-2024-53677
This repository contains a proof-of-concept for CVE-2024-53677, demonstrating a file upload vulnerability in Apache Struts 6.3.0.1. The exploit leverages OGNL injection to overwrite filenames, allowing arbitrary file uploads.
Classification
Working Poc 95%
Target:
Apache Struts 6.3.0.1
No auth needed
Prerequisites:
Access to the vulnerable upload endpoint
nomisec
WRITEUP
by hopsypopsy8 · remote
https://github.com/hopsypopsy8/CVE-2024-53677-Exploitation
This repository provides a detailed writeup on exploiting CVE-2024-53677, a file upload vulnerability in Apache Struts that allows remote code execution via path traversal and OGNL injection. It includes reconnaissance steps, exploitation techniques using BurpSuite, and payload delivery methods.
Classification
Writeup 90%
Target:
Apache Struts 2.0.0 to 6.3.0.1
No auth needed
Prerequisites:
Access to file upload functionality · BurpSuite or similar tool for request manipulation · Network access to the target
nomisec
WORKING POC
by MartinxMax · remote
https://github.com/MartinxMax/CVE-2024-53677
This PoC exploits CVE-2024-53677 by uploading a malicious JSP webshell disguised as a JPG file via a file upload vulnerability. It bypasses file extension restrictions by embedding JSP code within a JPG header and uses path traversal to place the shell in a predictable location.
Classification
Working Poc 95%
Target:
Unknown (likely a web application with file upload functionality)
No auth needed
Prerequisites:
Target URL with vulnerable upload endpoint · Network access to the target
nomisec
WORKING POC
by 0xdeviner · poc
https://github.com/0xdeviner/CVE-2024-53677
This repository provides a Docker-based lab environment to reproduce CVE-2024-53677, a path traversal vulnerability in Apache Struts 2's file upload functionality. The included Java code demonstrates the vulnerable file upload mechanism that can be exploited for RCE.
Classification
Working Poc 90%
Target:
Apache Struts 2
No auth needed
Prerequisites:
Docker environment · Network access to the target
nomisec
WORKING POC
by seoyoung-kang · remote
https://github.com/seoyoung-kang/CVE-2024-53677
This repository contains a functional PoC for CVE-2024-53677, an Apache Struts2 file upload vulnerability leading to RCE via JSP webshell deployment. It includes a minimal exploit script and a comprehensive tool for detection, version checking, and payload delivery.
Classification
Working Poc 95%
Target:
Apache Struts2 (2.0.0 ≤ v < 6.4.0)
No auth needed
Prerequisites:
Target must be running vulnerable Apache Struts2 version · File upload endpoint must be accessible