Share
## https://sploitus.com/exploit?id=06205348-D076-510F-AF65-F8442B0BC2EA
# CVE-2017-5638 Apache Struts 2 RCE Proof of Concept

This repository contains a Proof of Concept (PoC) script demonstrating the Remote Code Execution (RCE) vulnerability identified as **CVE-2017-5638** in Apache Struts 2.

## Vulnerability Details

- **CVE ID:** [CVE-2017-5638](https://nvd.nist.gov/vuln/detail/CVE-2017-5638)
- **Affected Software:** Apache Struts 2 versions prior to 2.3.32 and 2.5.10.1
- **Vulnerability Type:** Remote Code Execution
- **Attack Vector:** Remote, via crafted Content-Type HTTP header

## Description

An error in the handling of the `Content-Type` header in file upload requests allows attackers to execute arbitrary OGNL expressions. This can lead to full system compromise.

## Contents

- `exploit.py`: PoC script to demonstrate the vulnerability
- `README.md`: Instructions on setting up a vulnerable environment and running the PoC
- `docs/`: Additional documentation and analysis of the vulnerability

## Usage

- Install requirements:
```bash
pip isntall -r PoC/requirements.txt
```
- Check if a Target is Vulnerable:
```bash
python3 PoC/exploit.py --url <target_url> --check
```
- Run exploit:
```bash
python3 PoC/exploit.py --url <target_url> --cmd <command_to_execute>
```

## Disclaimer

**This project is for educational purposes only. Unauthorized use of this code against any system without permission is illegal and unethical.**