S2-052
This exercise covers the exploitation of the Struts S2-052 vulnerability
Introduction
This course details how to gain code execution when a Struts application is vulnerable to s2-052. This vulnerability has already been widely exploited in the wild and is easily "worm-able". Therefore, it's essential that you know how to test for it.
Struts s2-052
Struts s2-052 impacts the following versions of Struts:
- Struts 2.1.2 to 2.3.33 (inclusive)
- Struts 2.5 to 2.5.12 (inclusive)
The issue comes from a lack of filtering on the deserialization class used by the REST plugin. Struts uses XStream with a lot of filtering for deserialization in multiple places; however, this filtering was not in place for the REST plugin.
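A defender-side inventory check for the version ranges above, as an added example that is not part of the original course: it reads jar file names from a `WEB-INF/lib` listing and reports whether an affected Struts version is deployed together with the REST plugin. The jar naming pattern, the function names and the sample listings are assumptions made for this example.

```python
import re

# Affected ranges exactly as listed on this page (both ends inclusive).
AFFECTED_RANGES = [((2, 1, 2), (2, 3, 33)), ((2, 5, 0), (2, 5, 12))]

# Assumed naming: standard Struts 2 artifact names as found in WEB-INF/lib.
JAR_RE = re.compile(r"^(struts2-(?:core|rest-plugin))-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """'2.5' -> (2, 5, 0); '2.5.10.1' -> (2, 5, 10). A fourth component is ignored."""
    parts = [int(p) for p in text.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def in_affected_range(version_text):
    v = parse_version(version_text)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def assess(jar_names):
    """Classify one application's lib listing as (status, version).

    'exposed'       - affected version and the REST plugin is deployed
    'affected-core' - affected version, REST plugin jar not present
    'not-affected'  - Struts found, version outside the listed ranges
    'no-struts'     - no Struts 2 jars recognised
    """
    found = {}
    for name in jar_names:
        m = JAR_RE.match(name)
        if m:
            found[m.group(1)] = m.group(2)
    rest = found.get("struts2-rest-plugin")
    version = rest or found.get("struts2-core")
    if version is None:
        return ("no-struts", None)
    if not in_affected_range(version):
        return ("not-affected", version)
    return ("exposed" if rest else "affected-core", version)


if __name__ == "__main__":
    # Constructed listing, not taken from any real application.
    sample = ["struts2-core-2.3.33.jar", "struts2-rest-plugin-2.3.33.jar"]
    print(assess(sample))
```

An `affected-core` result still calls for an upgrade, but the REST plugin jar is what puts the unfiltered XStream handler on the request path.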
The payload
The payload has been packaged in a lot of tools already.
Conclusion
This exercise explained how to gain code execution when a Struts application is vulnerable to s2-052. When you come across a Struts application, it's essential that you test for this issue (as well as s2-045).
I hope you enjoyed learning with PentesterLab.