Share
## https://sploitus.com/exploit?id=6B4AF1ED-581F-5EFE-86F2-06CB1C5D7E2F
# SSP ASSIGNEMENT 3 : CVE poc

## Exploitation of CVE-2017-5638 Apache Struts2 RCE

A Docker-based vulnerable environment for testing and demonstrating the CVE-2017-5638 Remote Code Execution vulnerability in Apache Struts2.

### Running the POC

```bash
chmod +x run.sh
./run.sh
```

This single command will:
1. Build the Docker image with a vulnerable Apache Struts2 application
2. Start a new container exposing the vulnerable service on `http://localhost:8080`
3. Execute the exploit to demonstrate OS injection

### Exploit Manually

If you prefer manual control, you can:

```bash
docker build -t cve-2017-5638 .
docker run -d -p 8080:8080 cve-2017-5638

python3 exploit/exploit.py http://localhost:8080/struts2-showcase/index.action "id"

docker rm cve-2017-5638-container
docker stop cve-2017-5638-container
```

## Video Exploit Showcase


## References

For detailed technical information about CVE-2017-5638, the vulnerability mechanics, and implementation details, see [docs/TECHNICAL_EXPLANATION.md](docs/TECHNICAL_EXPLANATION.md).