Tutorials

Apache Java Struts2 Rest Plugin Exploitation – CVE-2017–9805

Today, we’ll show you the Remote code exploitation of Apache Struts2 Rest Plugin with XML Exploit. Apache published this advisory about this RCE  vulnerability by 5th September 2017 under CVE-2017-9805. The REST Plugin is using a XStreamHandler with an instance of XStream for deserialization without any type filtering and this can lead to Remote Code Execution […]