QQ love member No. 3 seed player

know it then do it && APT086 & QQ Love Security Lab member

S2-057 Reproduction (CVE-2018-11776)

12 Jan 2019 » security


Vulnerability details:

https://www.anquanke.com/post/id/157397/

https://help.aliyun.com/noticelist/articleid/24270415.html

https://cwiki.apache.org/confluence/display/WW/S2-057

https://github.com/ppbibo/st2-057

Environment setup:

# On CentOS 7

git clone https://github.com/ppbibo/st2-057.git

unzip cve201811776.zip 

docker-compose up -d

-bash: docker-compose: command not found

Solution:

yum -y install epel-release

yum -y install python-pip

pip install docker-compose

Details: link

Visit: http://your_ip:8080/struts2-showcase

Following the expert's tutorial, add the payload ${(111+111)}

Test result:

I tried other payloads but the tests failed; please test them yourself.
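For the defensive side of this reproduction, the following added example (not part of the original post or the linked repository) scans web access logs for OGNL expression markers such as the `${(111+111)}` probe in the request path. The log lines, client IPs and the `example.action` name are constructed placeholders, and the combined log format is an assumption.

```python
import re
from urllib.parse import unquote

# Struts OGNL expression delimiters: ${...} and %{...}
OGNL_MARKER = re.compile(r"[$%]\{[^}]*\}")
# Combined-log-format fields needed here: client IP, request target, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, hypothetical example.action).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jan/2019:10:00:01 +0000] '
    '"GET /struts2-showcase/index.action HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Jan/2019:10:00:05 +0000] '
    '"GET /struts2-showcase/%24%7B(111+111)%7D/example.action HTTP/1.1" 302 0',
    '198.51.100.9 - - [12/Jan/2019:10:01:00 +0000] '
    '"GET /struts2-showcase/%2524%257B(111+111)%257D/example.action HTTP/1.1" 404 0',
    '198.51.100.9 - - [12/Jan/2019:10:01:30 +0000] '
    '"GET /struts2-showcase/search.action?q=%24%7Bprice%7D HTTP/1.1" 200 100',
]

def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markers are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(target)  # unquote() leaves '+' alone, unlike unquote_plus()
        if decoded == target:
            break
        target = decoded
    return target

def find_ognl_probes(lines):
    """Return one record per log line whose URL path contains an OGNL marker."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-log-format line
        # Only the path is checked; the query string is out of scope here.
        path = decode_fully(m["target"]).split("?", 1)[0]
        marker = OGNL_MARKER.search(path)
        if marker:
            hits.append({"ip": m["ip"], "status": int(m["status"]),
                         "expr": marker.group(0), "path": path})
    return hits

if __name__ == "__main__":
    for hit in find_ognl_probes(SAMPLE_LOG):
        print(hit)
```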