mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
7.0 KiB
7.0 KiB
CVE-2017-9805
Description
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
POC
Reference
Github
- https://github.com/0day666/Vulnerability-verification
- https://github.com/0x00-0x00/-CVE-2017-9805
- https://github.com/0x0d3ad/Kn0ck
- https://github.com/0xd3vil/CVE-2017-9805-Exploit
- https://github.com/0xh4di/PayloadsAllTheThings
- https://github.com/20142995/Goby
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/3llio0T/Active-
- https://github.com/3vikram/Application-Vulnerabilities-Payloads
- https://github.com/5l1v3r1/struts2_rest_xstream
- https://github.com/84KaliPleXon3/Payloads_All_The_Things
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/AvishkaSenadheera/CVE-2017-9805---Documentation---IT19143378
- https://github.com/BeyondCy/S2-052
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CrackerCat/myhktools
- https://github.com/Cyberleet1337/Payloadswebhack
- https://github.com/Delishsploits/PayloadsAndMethodology
- https://github.com/DynamicDesignz/Alien-Framework
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/GhostTroops/TOP
- https://github.com/GhostTroops/myhktools
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/GuynnR/Payloads
- https://github.com/HimmelAward/Goby_POC
- https://github.com/IkerSaint/VULNAPP-vulnerable-app
- https://github.com/JERRY123S/all-poc
- https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups
- https://github.com/Jean-Francois-C/Windows-Penetration-Testing
- https://github.com/LearnGolang/LearnGolang
- https://github.com/Lone-Ranger/apache-struts-pwn_CVE-2017-9805
- https://github.com/Maarckz/PayloadParaTudo
- https://github.com/Muhammd/Awesome-Payloads
- https://github.com/Nieuport/PayloadsAllTheThings
- https://github.com/NikolaKostadinov01/Cyber-Security-Base-project-two
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/Pav-ksd-pl/PayloadsAllTheThings
- https://github.com/Prodject/Kn0ck
- https://github.com/Ra7mo0on/PayloadsAllTheThings
- https://github.com/RayScri/Struts2-052-POC
- https://github.com/SavoBit/apache-exploit-demo
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Shakun8/CVE-2017-9805
- https://github.com/Soldie/PayloadsAllTheThings
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/UbuntuStrike/CVE-2017-9805-Apache-Struts-Fuzz-N-Sploit
- https://github.com/UbuntuStrike/struts_rest_rce_fuzz-CVE-2017-9805-
- https://github.com/Vancir/s2-052-reproducing
- https://github.com/XPR1M3/Payloads_All_The_Things
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZarvisD/Struts2_rce_XStream_Plugin
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/albinowax/ActiveScanPlusPlus
- https://github.com/andifalk/struts-rest-showcase
- https://github.com/andrysec/PayloadsAllVulnerability
- https://github.com/anhtu97/PayloadAllEverything
- https://github.com/anquanscan/sec-tools
- https://github.com/apkadmin/PayLoadsAll
- https://github.com/atthacks/struts2_rest_xstream
- https://github.com/ax1sX/Automation-in-Java-Security
- https://github.com/ax1sX/Codeql-In-Java-Security
- https://github.com/aylincetin/PayloadsAllTheThings
- https://github.com/aymankhder/Windows-Penetration-Testing
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/chanchalpatra/payload
- https://github.com/chrisjd20/cve-2017-9805.py
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/cyjaysun/S2-052
- https://github.com/devdunie95/Apache-Struts-2.5-2.5.12---REST-Plugin-XStream-Remote-Code-Execution
- https://github.com/digitalencoding/HHC2017
- https://github.com/do0dl3/myhktools
- https://github.com/falocab/PayloadsAllTheThings
- https://github.com/freddyfernando/News
- https://github.com/hahwul/struts2-rce-cve-2017-9805-ruby
- https://github.com/hellochunqiu/PayloadsAllTheThings
- https://github.com/hktalent/TOP
- https://github.com/hktalent/myhktools
- https://github.com/ice0bear14h/struts2scan
- https://github.com/iqrok/myhktools
- https://github.com/jbmihoub/all-poc
- https://github.com/jongmartinez/-CVE-2017-9805-
- https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups
- https://github.com/khodges42/Etrata
- https://github.com/kk98kk0/Payloads
- https://github.com/klausware/Java-Deserialization-Cheat-Sheet
- https://github.com/koutto/jok3r-pocs
- https://github.com/ksw9722/PayloadsAllTheThings
- https://github.com/linchong-cmd/BugLists
- https://github.com/lnick2023/nicenice
- https://github.com/luc10/struts-rce-cve-2017-9805
- https://github.com/mazen160/struts-pwn_CVE-2017-9805
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/mrhacker51/ReverseShellCommands
- https://github.com/nevidimk0/PayloadsAllTheThings
- https://github.com/oneplus-x/Sn1per
- https://github.com/oneplus-x/jok3r
- https://github.com/ozkanbilge/Payloads
- https://github.com/pctF/vulnerable-app
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/ranjan-prp/PayloadsAllTheThings
- https://github.com/raoufmaklouf/cve5scan
- https://github.com/ravijainpro/payloads_xss
- https://github.com/rvermeulen/apache-struts-cve-2017-9805
- https://github.com/s1kr10s/Apache-Struts-v4
- https://github.com/samba234/Sniper
- https://github.com/samqbush/struts-rest-showcase
- https://github.com/sobinge/--1
- https://github.com/sobinge/PayloadsAllTheThings
- https://github.com/sobinge/PayloadsAllThesobinge
- https://github.com/sujithvaddi/apache_struts_cve_2017_9805
- https://github.com/tdcoming/Vulnerability-engine
- https://github.com/touchmycrazyredhat/myhktools
- https://github.com/trhacknon/myhktools
- https://github.com/unusualwork/Sn1per
- https://github.com/vitapluvia/hhc-writeup-2017
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/whoadmin/pocs
- https://github.com/wifido/CVE-2017-9805-Exploit
- https://github.com/winterwolf32/PayloadsAllTheThings
- https://github.com/woods-sega/woodswiki
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/ynsmroztas/Apache-Struts-V4
- https://github.com/z3bd/CVE-2017-9805