Share
## https://sploitus.com/exploit?id=FAD54538-2230-5094-90F8-6044E085FAF3
# CVE-2023-50164 : Apache Struts 2 vulnerable Docker container 

Apache has recently released an advisory regarding CVE-2023-50164, a critical vulnerability with a severity rating of 9.8 that affects Apache Struts 2.

CVE-2023-50164 is intricately tied to an organization's Apache Struts architecture and the way it uses its file upload feature, enabling unauthorized path traversal that could be abused to upload a malicious file and perform remote code execution (RCE). 

This repository contains a Dockerfile to understand and manipulate the vulnerability. **The weaponized exploit code is not supplied.**

## Usage

Below, commands to run the lab (you can copy/paste in your shell) :

```bash
git clone https://github.com/Trackflaw/CVE-2023-50164-ApacheStruts2-Docker.git
cd CVE-2023-50164-ApacheStruts2-Docker
docker build --ulimit nofile=122880:122880 -m 3G -t cve-2023-50164 .
docker run -p 8080:8080 --ulimit nofile=122880:122880 -m 3G --rm -it --name cve-2023-50164 cve-2023-50164
curl http://localhost:8080/upload.action
```

Verify with CUrl to check app availability.

```html
curl http://localhost:8080/upload.action

<html>
<head>
    <title>File upload</title>
</head>
<body>
    <h1>๐Ÿ’ฃ CVE-2023-50164</h1>
    <p>Welcome to CVE-2023-50164 lab. You can practice with the file upload feature below. Find a way yo bypass the filter ๐Ÿ˜‰</p>

    <form id="upload" name="upload" action="/upload.action" method="post" enctype="multipart/form-data">
        <table class="wwFormTable">
            <tr>
                <td class="tdLabel"></td>
                <td class="tdInput"><input type="file" name="upload" id="upload_upload" /></td>
            </tr>
            <tr>
                <td colspan="2">
                    <div class="formButton"><input type="submit" value="Submit" id="upload_0" />
                    </div>
                </td>
            </tr>
        </table>
    </form>
</body>
</html>
```

Happy pwning ! ๐Ÿ˜‰

## Video

![Apache Struts 2 - RCE](video.gif)

## Source

This project is heavily inspired from [Jakabakos work](https://github.com/jakabakos/CVE-2023-50164-Apache-Struts-RCE/tree/main).

Below, list of articles to understand the flaw : 

- https://xz.aliyun.com/t/13172
- https://www.trendmicro.com/en_no/research/23/l/decoding-cve-2023-50164--unveiling-the-apache-struts-file-upload.html