Apache Struts Vulnerability

Simple Yet Highly Effective

A remote code execution (RCE) vulnerability was recently disclosed in Apache Struts. It is very serious, receiving a severity rating of 10.0, the highest, and is known as CVE-2017-5638.

For those who do not know what Apache Struts is:

Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications. It favors convention over configuration, is extensible using a plugin architecture, and ships with plugins to support REST, AJAX and JSON.

 

It is officially backed by Apache, as seen on their website: https://struts.apache.org/

For those who need more background: Apache is a web server application, while Java is a programming language, not to be confused with JavaScript; they are two different things.

Struts is an add-on to Apache that allows you to use Java servlets.
Jakarta is the umbrella name for a number of Java-based programming projects that were run for the community by Apache.

This is a very serious vulnerability: enterprises running the servlet applications are being hit with ransomware, having databases leaked, and so forth.

Alternatively, for pentesting purposes and for mobility, you can download this Python script to see if your website is vulnerable: https://github.com/mazen160/struts-pwn

You can check whether your website is vulnerable with this Google dork:

site:YOURWEB intitle:"Struts Problem Report" intext:"development mode is enabled."

 

Once you have found a vulnerable page, proceed as follows:

 

  1. Change your GET or POST request with a proxying system such as Burp Suite or Fiddler
  2. In the Content-Type header, insert your bash code, separated by ; to execute multiple lines
  3. And voilà, your site is vulnerable

Such a simple exploit was discovered in Shanghai, China, and captured by the Rapid7 team. To fix it, update your server software.
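
Because the payload rides in the Content-Type header, a request whose Content-Type is not a well-formed media type is worth flagging in your logs while you patch. The sketch below is an added example, not code from this post's sources or from the Struts project; the tab-separated log layout, the function names, the length ceiling and the sample lines are all constructed assumptions.

```python
import re

# HTTP token characters (RFC 7230). A media type is token "/" token,
# optionally followed by ;name=value parameters (RFC 7231).
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
MEDIA_TYPE = re.compile(
    rf"{TOKEN}/{TOKEN}(?:\s*;\s*{TOKEN}=(?:{TOKEN}|{QUOTED}))*\s*"
)
MAX_LEN = 256  # assumed ceiling; legitimate Content-Type values are short

# Constructed sample: tab-separated time, client, method, path, Content-Type.
SAMPLE_LOG = (
    "2017-03-10T08:00:01Z\t192.0.2.10\tPOST\t/upload.action\t"
    "multipart/form-data; boundary=----abc123\n"
    "2017-03-10T08:00:02Z\t192.0.2.11\tGET\t/index.action\t-\n"
    "2017-03-10T08:00:03Z\t198.51.100.7\tGET\t/index.action\t"
    "echo constructed-sample; id\n"
    "2017-03-10T08:00:04Z\t192.0.2.12\tPOST\t/api.action\t"
    'application/json; charset="utf-8"\n'
)


def is_valid_content_type(value):
    """True if the header is absent or a well-formed media type of sane length."""
    if value in ("", "-"):
        return True  # header not sent, e.g. a body-less GET
    return len(value) <= MAX_LEN and MEDIA_TYPE.fullmatch(value) is not None


def suspicious_requests(log_text):
    """Return (time, client, path) for requests with a malformed Content-Type."""
    hits = []
    for line in log_text.splitlines():
        # maxsplit=4 keeps any stray tabs inside the Content-Type field
        fields = line.split("\t", 4)
        if len(fields) != 5:
            continue  # not in the assumed layout; handle separately
        ts, client, _method, path, ctype = fields
        if not is_valid_content_type(ctype):
            hits.append((ts, client, path))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("malformed Content-Type:", *hit)
```

The same allow-list test can run in a reverse proxy or WAF rule to reject such requests before they reach the application; it is a stopgap and does not replace the update.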
