struts-debug-mode: Apache Struts setup in Debug-Mode

漏洞描述

PoC代码[已公开]

id: struts-debug-mode

info:
  name: Apache Struts setup in Debug-Mode
  author: pdteam
  severity: low
  description: Apache Struts debug mode is enabled.
  metadata:
    max-request: 1
  tags: logs,struts,apache,exposure,setup,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers:
      - type: word
        words:
          - "<debug>"
          - "<struts.actionMapping>"
        condition: and
# digest: 4a0a00473045022100a74dc63fe30b231aae668379337f41cc93151e152927a6d3f322f6232002d9eb022010d658651d0322b55388475445565827387ed56769f0ed0a692c9f773090bdc6:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• Apache Struts2 S2-067 /index.action 文件上传漏洞（CVE-2024-53677）
• Apache Struts2 2.0.0～2.2.3 S2-007 /user.action 命令执行漏洞（CVE-2012-0838）
• POC CVE-2007-4556: OpenSymphony XWork/Apache Struts2 - Remote Code Execution
• POC CVE-2012-0392: Apache Struts2 S2-008 RCE
• POC CVE-2012-0394: Apache Struts <2.3.1.1 - Remote Code Execution
• POC CVE-2013-1965: Apache Struts2 S2-012 RCE
• POC CVE-2013-2248: Apache Struts - Multiple Open Redirection Vulnerabilities
• POC CVE-2013-2251: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
• POC CVE-2017-12611: Apache Struts2 S2-053 - Remote Code Execution
• POC CVE-2017-5638: Apache Struts 2 - Remote Command Execution
• POC CVE-2017-9791: Apache Struts2 S2-053 - Remote Code Execution
• POC CVE-2017-9805: Apache Struts2 S2-052 - Remote Code Execution
• POC CVE-2018-11776: Apache Struts2 S2-057 - Remote Code Execution