
CVE-2017-5638, consumer.experian.in, Unpatched, PoC, Example

TL;DR The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as shown below.

Comment: 72 hours after this Bug was published, consumer.experian.in still hadn't patched.

Sample Date: March 10, 2016

| Target URL | High | Medium | Low | Info |
|---|---|---|---|---|
| consumer.experian.in | 1 | 0 | 0 | 0 |

[Screenshot: CVE-2017-5638, consumer.experian., Exploit, PoC, Example, curl]
[Screenshot: CVE-2017-5638, consumer.experian.in, Exploit, PoC, Example, /etc/passwd]
[Screenshot: CVE-2017-5638, consumer.experian.in, Exploit, PoC, Example, ifconfig]
Alert Detail
Confirmed Exploit: CVE-2017-5638
Description
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.
URL: https://consumer.experian.in/
Injection Type: Content-Type: Header
Other information: Verified Exploit Report