Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts CVE-2024-53677

Name: Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts CVE-2024-53677
Rating: 5 (464 reviews)

2024-12-18 | CVSS 9.8

## https://sploitus.com/exploit?id=3D555D52-4B5F-517C-88C5-341F28EE68D6
# Disclaimer  
Do not use the related technologies described in this article for illegal testing purposes. Any direct or indirect consequences or losses resulting from the dissemination or use of the information or tools provided in this article are solely the responsibility of the user. Any adverse effects are unrelated to the article’s author. This article is intended for educational purposes only. # CVE-2024-53677-S2-067-thread  
Verify the poc: https://github.com/TAM-K592/CVE-2024-53677-S2-067/  
The following versions of Apache Struts are affected: 2.0.0 to 2.5.33, 6.0.0 to 6.3.0.2  

Based on the history of the poc over the past few days, the latest version available online is in base64-encoded format; it was released yesterday (December 18, 2024).  
![Image](https://github.com/user-attachments/assets/8099de5c-90ac-4041-9274-f98b97592a69)  

I made some modifications based on the work of experts:  
- It now supports multi-threading.  
- The explanation has been translated into Chinese.

[source-iocs-preserved url=http://example.com） const=UPLOAD_ENDPOINT]