A critical vulnerability that could completely compromise an Apache Struts web server was reported by a research team at LGTM and is tracked as CVE-2017-9805 (S2-052). Successful exploitation can lead to remote code execution (RCE), giving an attacker full control over the server, while a failed attempt can lead to denial of service.
Apache Struts is an open source framework for building web applications in Java. All web applications that use its popular REST plugin are vulnerable to this attack. The plugin fails to handle XML payloads safely while deserializing them.
Metasploit Module For Apache Struts 2 REST (CVE-2017-9805)
A Metasploit module designed for exploiting this vulnerability was released today. Using this module, vulnerable websites can be exploited and a shell obtained easily. The name of this module is ‘struts2_rest_xstream’.
How to install Metasploit Module for Struts?
First you have to download the module by executing the command
Next, move the downloaded file to Metasploit's modules directory:
cp struts2_rest_xstream.rb /usr/share/metasploit-framework/modules/exploits/multi/http/
Now start Metasploit to check whether the module loads correctly.
Now load the module by running
We can see that the module is loaded correctly. Now type
to view all the parameters that need to be set to run the module. If you face any difficulty during the installation, please let me know in the comments.
This is the updated version of Metasploit Module For Apache Struts 2 REST (CVE-2017-9805)
Apache Struts versions 2.5 through 2.5.12 that use the REST plugin are vulnerable to this attack.
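To find out whether a server you run falls in that range, the following added example (not part of the original post or of the Metasploit module) walks a deployment directory, looks inside WAR/EAR archives, and flags REST plugin jars whose version lies in the range stated above. It assumes the jars keep the Maven-style file name struts2-rest-plugin-<version>.jar; the directory tree built in demo() is constructed sample data.

```python
import os
import re
import tempfile
import zipfile

# Affected range as stated on this page: Struts 2.5 through 2.5.12.
AFFECTED_MIN, AFFECTED_MAX = (2, 5, 0), (2, 5, 12)
# Assumption: jars keep the Maven artifact name struts2-rest-plugin-<version>.jar.
JAR_RE = re.compile(r"struts2-rest-plugin-(\d+(?:\.\d+)*)[^/\\]*\.jar$")

def parse_version(text):
    """'2.5' -> (2, 5, 0); '2.5.10.1' -> (2, 5, 10). Only three parts are compared."""
    parts = [int(p) for p in text.split(".")] + [0, 0]
    return tuple(parts[:3])

def is_affected(version_text):
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def jar_names(path):
    """Yield the path itself, plus entry names if it is a WAR/EAR/ZIP archive."""
    yield path
    if path.lower().endswith((".war", ".ear", ".zip")) and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as archive:
            for entry in archive.namelist():
                yield path + "!" + entry

def scan(root):
    """Return sorted (location, version, affected) for each REST plugin jar found."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            for location in jar_names(os.path.join(folder, name)):
                match = JAR_RE.search(location)
                if match:
                    version = match.group(1)
                    findings.append((location, version, is_affected(version)))
    return sorted(findings)

def demo():
    """Build a constructed deployment tree (empty placeholder jars) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with zipfile.ZipFile(os.path.join(root, "shop.war"), "w") as war:
            war.writestr("WEB-INF/lib/struts2-rest-plugin-2.5.10.jar", b"")
        lib = os.path.join(root, "patched", "WEB-INF", "lib")
        os.makedirs(lib)
        open(os.path.join(lib, "struts2-rest-plugin-2.5.13.jar"), "w").close()
        return [(os.path.relpath(loc, root), ver, bad) for loc, ver, bad in scan(root)]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real host, call scan() on the application server's deployment directory; any entry with the third field True should be upgraded or have the REST plugin removed.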