## https://sploitus.com/exploit?id=FAD54538-2230-5094-90F8-6044E085FAF3
# CVE-2023-50164 : Apache Struts 2 vulnerable Docker container
Apache has recently released an advisory regarding CVE-2023-50164, a critical vulnerability with a severity rating of 9.8 that affects Apache Struts 2.
CVE-2023-50164 is intricately tied to an organization's Apache Struts architecture and the way it uses its file upload feature, enabling unauthorized path traversal that could be abused to upload a malicious file and perform remote code execution (RCE).
This repository contains a Dockerfile to understand and manipulate the vulnerability. **The weaponized exploit code is not supplied.**
## Usage
Below, commands to run the lab (you can copy/paste in your shell) :
```bash
git clone https://github.com/Trackflaw/CVE-2023-50164-ApacheStruts2-Docker.git
cd CVE-2023-50164-ApacheStruts2-Docker
docker build --ulimit nofile=122880:122880 -m 3G -t cve-2023-50164 .
docker run -p 8080:8080 --ulimit nofile=122880:122880 -m 3G --rm -it --name cve-2023-50164 cve-2023-50164
curl http://localhost:8080/upload.action
```
Verify with CUrl to check app availability.
```html
curl http://localhost:8080/upload.action
<html>
<head>
<title>File upload</title>
</head>
<body>
<h1>๐ฃ CVE-2023-50164</h1>
<p>Welcome to CVE-2023-50164 lab. You can practice with the file upload feature below. Find a way yo bypass the filter ๐</p>
<form id="upload" name="upload" action="/upload.action" method="post" enctype="multipart/form-data">
<table class="wwFormTable">
<tr>
<td class="tdLabel"></td>
<td class="tdInput"><input type="file" name="upload" id="upload_upload" /></td>
</tr>
<tr>
<td colspan="2">
<div class="formButton"><input type="submit" value="Submit" id="upload_0" />
</div>
</td>
</tr>
</table>
</form>
</body>
</html>
```
Happy pwning ! ๐
## Video
![Apache Struts 2 - RCE](video.gif)
## Source
This project is heavily inspired from [Jakabakos work](https://github.com/jakabakos/CVE-2023-50164-Apache-Struts-RCE/tree/main).
Below, list of articles to understand the flaw :
- https://xz.aliyun.com/t/13172
- https://www.trendmicro.com/en_no/research/23/l/decoding-cve-2023-50164--unveiling-the-apache-struts-file-upload.html