Apache Struts file upload path traversal

Added: 12/20/2024

Background

Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture.

Problem

A directory traversal vulnerability in Apache Struts allows remote attackers to upload files to arbitrary locations, leading to command execution.

Resolution

Upgrade to Struts 6.4.0 or higher and migrate to the new file upload mechanism.

References

https://cwiki.apache.org/confluence/display/WW/S2-067
https://isc.sans.edu/diary/31520

Limitations

The vulnerability can only be exploited if a Struts application allows file uploads.

On success, this exploit creates a JSP file under the root web application which must be manually removed from the target.
Back to exploit index