Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace. Or, using URL tag which doesn't have value and action set and in same time, its upper package configuration have no or wildcard namespace.
PoC: struts-pwn_CVE-2018-11776
An exploit for Apache Struts CVE-2018-11776
PoC: CVE-2018-11776-Python-PoC
Working Python test and PoC for CVE-2018-11776, includes Docker lab
PoC: Apache-Struts-Shodan-Exploit
This tool takes advantage of CVE-2018-11776 and Shodan to perform mass exploitation of verified and vulnerable Apache Struts servers.
PoC: Strutter
Proof of Concept for CVE-2018-11776
PoC: S2-057-CVE-2018-11776
A simple exploit for Apache Struts RCE S2-057 (CVE-2018-11776)
PoC: CVE-2018-11776
Creating a vulnerable environment and the PoC
PoC: Apache-Struts-0Day-Exploit
Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts.
PoC: CVE-2018-11776
Vulnerable docker container for CVE-2018-11776
PoC: CVE-2018-11776
CVE-2018-11776(S2-057) EXPLOIT CODE
PoC: CVE-2018-11776
Environment for CVE-2018-11776 / S2-057 (Apache Struts 2)
PoC: cve-2018-11776
cve-2018-11776
PoC: CVE-2018-11776
PoC Script for the CVE-2018-11776 vuln
PoC: CVE-2018-11776
Investigation of CVE-2018-11776 vulnerability that allows attackers to remotely execute code and gain control over Apache Struts-based applications.
PoC: apche-struts-vuln-demo-cve-2018-11776
Spins up an isolated test environment for experimentation with Apache Struts vulnerability CVE-2018-11776.
PoC: CVE-2018-11776
Docker image for a vulnerable struts app
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free