struts-problem-report: Apache Struts Dev Mode - Detect

漏洞描述

PoC代码[已公开]

id: struts-problem-report

info:
  name: Apache Struts Dev Mode - Detect
  author: dhiyaneshDK
  severity: low
  description: Multiple Apache Struts applications were detected in dev-mode.
  reference:
    - https://www.exploit-db.com/ghdb/4278
  metadata:
    max-request: 1
  tags: struts,debug,edb,exposure,apache,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<title>Struts Problem Report</title>'

      - type: status
        status:
          - 200
# digest: 4a0a004730450221009f86ba6024a37c0a8129d8fd360d7c1626e066b225266ce9e3b93ed039d0c3ee02202932e64fe561ebb15e59b134cc868efb13ab962ae52675fcc26030963413aa20:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• Apache Struts2 S2-067 /index.action 文件上传漏洞（CVE-2024-53677）
• Apache Struts2 2.0.0～2.2.3 S2-007 /user.action 命令执行漏洞（CVE-2012-0838）
• POC CVE-2007-4556: OpenSymphony XWork/Apache Struts2 - Remote Code Execution
• POC CVE-2012-0392: Apache Struts2 S2-008 RCE
• POC CVE-2012-0394: Apache Struts <2.3.1.1 - Remote Code Execution
• POC CVE-2013-1965: Apache Struts2 S2-012 RCE
• POC CVE-2013-2248: Apache Struts - Multiple Open Redirection Vulnerabilities
• POC CVE-2013-2251: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
• POC CVE-2017-12611: Apache Struts2 S2-053 - Remote Code Execution
• POC CVE-2017-5638: Apache Struts 2 - Remote Command Execution
• POC CVE-2017-9791: Apache Struts2 S2-053 - Remote Code Execution
• POC CVE-2017-9805: Apache Struts2 S2-052 - Remote Code Execution
• POC CVE-2018-11776: Apache Struts2 S2-057 - Remote Code Execution