# CVE-2023-50164 : Apache Struts 2 vulnerable Docker container 

Apache has recently released an advisory regarding CVE-2023-50164, a critical vulnerability with a severity rating of 9.8 that affects Apache Struts 2.

CVE-2023-50164 is intricately tied to an organization's Apache Struts architecture and the way it uses its file upload feature, enabling unauthorized path traversal that could be abused to upload a malicious file and perform remote code execution (RCE). 

This repository contains a Dockerfile to understand and manipulate the vulnerability. **The weaponized exploit code is not supplied.**

## Usage

Below, commands to run the lab (you can copy/paste in your shell) :

git clone
cd CVE-2023-50164-ApacheStruts2-Docker
docker build --ulimit nofile=122880:122880 -m 3G -t cve-2023-50164 .
docker run -p 8080:8080 --ulimit nofile=122880:122880 -m 3G --rm -it --name cve-2023-50164 cve-2023-50164
curl http://localhost:8080/upload.action

Verify with CUrl to check app availability.

curl http://localhost:8080/upload.action

    <title>File upload</title>
    <h1>๐Ÿ’ฃ CVE-2023-50164</h1>
    <p>Welcome to CVE-2023-50164 lab. You can practice with the file upload feature below. Find a way yo bypass the filter ๐Ÿ˜‰</p>

    <form id="upload" name="upload" action="/upload.action" method="post" enctype="multipart/form-data">
        <table class="wwFormTable">
                <td class="tdLabel"></td>
                <td class="tdInput"><input type="file" name="upload" id="upload_upload" /></td>
                <td colspan="2">
                    <div class="formButton"><input type="submit" value="Submit" id="upload_0" />

Happy pwning ! ๐Ÿ˜‰

## Video

![Apache Struts 2 - RCE](video.gif)

## Source

This project is heavily inspired from [Jakabakos work](

Below, list of articles to understand the flaw :