by ADummy
0x00 Exploitation route
Burp Suite: capture the request -> change the payload -> replay the request ->
0x01 Introduction of the vulnerability
The XStream component of the Struts 2 REST plugin contains a deserialization vulnerability.
Affected versions:
Struts 2.1.2 - 2.3.33, Struts 2.5 - 2.5.12
0x02 Vulnerability reproduction
Payload 1 (RCE):
POST /orders/3/edit HTTP/1.1
Host: your-ip:8080
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/xml
Content-Length: 2415
Visit the Struts2-Rest-Showcase page.
Replay the request in Burp Suite; the code runs successfully.
Enter the Docker container and find that the success file has been created.
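For triage on the defender's side, the sketch below (an added example, not code from the original post) checks a Struts version or struts2-core jar name against the affected ranges listed above and flags request heads shaped like the one shown here: a POST or PUT declared as application/xml. The function names, the sample request heads and the host app.example are constructed for illustration.

```python
import re

# Affected ranges exactly as listed on this page, padded to four components.
AFFECTED = [((2, 1, 2, 0), (2, 3, 33, 0)), ((2, 5, 0, 0), (2, 5, 12, 0))]

def parse_version(text):
    """Extract x.y[.z[.w]] from a version string or a struts2-core jar name."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(text):
    """True when the version falls inside one of the listed ranges (inclusive)."""
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def parse_head(raw):
    """Split a raw request head into (method, path, lower-cased header dict)."""
    lines = raw.strip().splitlines()
    method, path = lines[0].split()[:2]
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method.upper(), path, headers

def xml_write_paths(raw_requests):
    """Paths of body-carrying requests declared as application/xml."""
    hits = []
    for raw in raw_requests:
        method, path, headers = parse_head(raw)
        ctype = headers.get("content-type", "").split(";")[0].strip().lower()
        if method in {"POST", "PUT"} and ctype == "application/xml":
            hits.append(path)
    return hits

# Constructed sample request heads (bodies omitted); the host is a placeholder.
SAMPLES = [
    "POST /orders/3/edit HTTP/1.1\nHost: app.example:8080\nContent-Type: application/xml\nContent-Length: 2415\n\n",
    "POST /orders HTTP/1.1\nHost: app.example:8080\nContent-Type: application/json; charset=UTF-8\n\n",
    "GET /orders/3.xml HTTP/1.1\nHost: app.example:8080\nAccept: */*\n\n",
]

if __name__ == "__main__":
    for name in ("struts2-core-2.3.33.jar", "struts2-core-2.3.34.jar", "2.5.10.1", "2.5.13"):
        print(name, "affected" if is_affected(name) else "not in listed range")
    print("review:", xml_write_paths(SAMPLES))
```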
0x03 References
https://blog.csdn.net/qq_29647709/article/details/84954575