Work-in-Progress. This course is currently being written.
This course details how to gain code execution when a Struts application is vulnerable to s2-052. This vulnerability has already been widely exploited in the wild and is easily "worm-able". Therefore, it's essential that you know how to test for it.
Struts s2-052 impacts the following versions of Struts:
- Struts 2.1.2 to 2.3.33 (inclusive)
- Struts 2.5 to 2.5.12 (inclusive)
The issue comes from a lack of filtering on the classes that the REST plugin allows to be deserialized. Struts uses XStream for deserialization in multiple places and applies a lot of filtering there; however, this filtering was not in place for the REST plugin.
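To make the "lack of filtering" concrete, here is an added example (not code from this course, from PentesterLab, or from Struts or its REST plugin) that puts an XStream instance with no type restrictions next to one hardened with XStream's own security framework allowlist. The `Order` class and the two XML inputs are constructed for the demonstration; the REST plugin's wiring of XStream is not reproduced.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamFilteringDemo {

    // Hypothetical model class that a REST endpoint legitimately expects.
    public static class Order {
        public String id;
        public int quantity;
    }

    // Weak: no type restrictions at all. XStream instantiates whatever class
    // the XML names, which is the situation the vulnerable REST plugin was in.
    static XStream unrestricted() {
        return new XStream();
    }

    // Hardened: start from deny-all, then allow only what the endpoint needs.
    // NoTypePermission.NONE must come first, as it clears earlier permissions.
    static XStream restricted() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);
        xs.addPermission(NullPermission.NULL);
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xs.allowTypes(new Class[] { String.class, Order.class });
        xs.alias("order", Order.class);
        return xs;
    }

    public static void main(String[] args) {
        // Constructed inputs: one names a class the endpoint never expects,
        // the other is the legitimate document shape.
        String unexpected = "<java.util.HashMap/>";
        String legit = "<order><id>A-1</id><quantity>2</quantity></order>";

        Object o = unrestricted().fromXML(unexpected);
        System.out.println("unrestricted accepted: " + o.getClass().getName());

        XStream hardened = restricted();
        Order order = (Order) hardened.fromXML(legit);
        System.out.println("hardened parsed order " + order.id + " x" + order.quantity);
        try {
            hardened.fromXML(unexpected);
        } catch (XStreamException e) {
            // Concretely a ForbiddenClassException from the security framework.
            System.out.println("hardened rejected: " + e.getMessage());
        }
    }
}
```

The first call succeeds and prints `java.util.HashMap`; the hardened instance parses the legitimate document and rejects the unexpected class name.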
The payload has been packaged in a lot of tools already.
This exercise explained how to gain code execution when a Struts application is vulnerable to s2-052. When you come across a Struts application, it's essential that you test for this issue (as well as s2-045). I hope you enjoyed learning with PentesterLab.