## https://sploitus.com/exploit?id=6B4AF1ED-581F-5EFE-86F2-06CB1C5D7E2F
# SSP ASSIGNEMENT 3 : CVE poc
## Exploitation of CVE-2017-5638 Apache Struts2 RCE
A Docker-based vulnerable environment for testing and demonstrating the CVE-2017-5638 Remote Code Execution vulnerability in Apache Struts2.
### Running the POC
```bash
chmod +x run.sh
./run.sh
```
This single command will:
1. Build the Docker image with a vulnerable Apache Struts2 application
2. Start a new container exposing the vulnerable service on `http://localhost:8080`
3. Execute the exploit to demonstrate OS injection
### Exploit Manually
If you prefer manual control, you can:
```bash
docker build -t cve-2017-5638 .
docker run -d -p 8080:8080 cve-2017-5638
python3 exploit/exploit.py http://localhost:8080/struts2-showcase/index.action "id"
docker rm cve-2017-5638-container
docker stop cve-2017-5638-container
```
## Video Exploit Showcase
## References
For detailed technical information about CVE-2017-5638, the vulnerability mechanics, and implementation details, see [docs/TECHNICAL_EXPLANATION.md](docs/TECHNICAL_EXPLANATION.md).