CVE-2017-5638, symantechelp.com, Unpatched, PoC, Example

TL;DR The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as shown below.

Comment: 72 hours after this bug was published, symantechelp.com still hadn't patched.

Proof of Concept
Sample Date: March 10, 2016

Target URL         High  Medium  Low  Info
symantechelp.com   1     0       0    0

[Image: CVE-2017-5638, symantechelp.com, Exploit, PoC, Example, Web Root, httpdocs]
[Image: CVE-2017-5638, symantechelp.com, Exploit, PoC, Example, dmesg]
[Image: CVE-2017-5638, symantechelp.com, Exploit, PoC, Example, /etc/passwd]
Alert Detail

Confirmed Exploit: CVE-2017-5638
Description
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.
URL: https://www.symantechelp.com/
Injection Type: Content-Type header
Other information: Verified Exploit Report