Share
## https://sploitus.com/exploit?id=785CD4C6-7BE9-59A0-B87C-0F2EECDD9EE9
# Apache Struts S2-052 XML Deserialization RCE

This repository demonstrates exploitation of **Apache Struts S2-052 (CVE-2017-9805)** using malicious XML deserialization.

The exploit was developed while solving the **INE eWPTX Practice Range โ€“ Struts XML Deserialization RCE lab**.

---

## Vulnerability Overview

Apache Struts REST plugin uses **XStream** to deserialize XML requests.

When the application processes XML with:

Content-Type: application/xml

An attacker can supply a malicious serialized object graph which triggers execution of arbitrary commands via:

java.lang.ProcessBuilder

This results in **Remote Command Execution (RCE)**.

---

## Vulnerable Flow

Client Request
     โ†“
Struts REST Plugin
     โ†“
XStream XML Deserialization
     โ†“
Malicious Object Graph
     โ†“
ProcessBuilder.start()
     โ†“
Remote Code Execution

---

## Lab Environment

Platform: INE eWPTX Practice Range  
Challenge: Struts XML Deserialization RCE  

---
## Affected Versions

Struts 2.1.6 โ€“ 2.3.33
Struts 2.5 โ€“ 2.5.12