Apache Struts 2 REST Plugin XStream RCE
Apache Struts versions 2.1.2 - 2.3.33 and Struts 2.5 - Struts 2.5.12, using the REST plugin, are vulnerable to a Java deserialization attack in the XStream library.
Module Name
exploit/multi/http/struts2_rest_xstream
Authors
- Man Yue Mo
- wvu <wvu [at] metasploit.com>
References
Targets
- Unix (In-Memory)
- Windows (In-Memory)
- Python (In-Memory)
- PowerShell (In-Memory)
- Linux (Dropper)
- Windows (Dropper)
Platforms
- unix
- python
- linux
- windows
Architectures
- cmd
- python
- x86
- x64
- cmd
- python
- x86, x64
Reliability
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/multi/http/struts2_rest_xstream
msf exploit(struts2_rest_xstream) > show targets
...targets...
msf exploit(struts2_rest_xstream) > set TARGET <target-id>
msf exploit(struts2_rest_xstream) > show options
...show and set options...
msf exploit(struts2_rest_xstream) > exploit