Immunity, Inc.
Name wp_struts2_cmdexec2
CVE CVE-2011-3923
Exploit Pack White_Phosphorus
Description Apache Struts2 ParameterInterceptor Class OGNL Remote Command Execution
Notes VENDOR: Apache
Notes:
Module basepath parameter requires the full path to the action and the attribute, e.g. /struts2/example/vulnerable.action?attribute

This module has five unique payloads.
Payloads:
0: Execute Command (blind)
This will execute a command on the server, but you will see no response
1: Execute Command (nc pipe)
This will execute a command on the server, and try to pipe the results back to the specified DataPort
2: TCP Connect Back (nc -e)
This will attempt to spawn a connect back shell using nc with the -e option to the specified DataPort
3: TCP Connect Back Drop Trojan
This will attempt to connect back to the specified DataPort and upload a Mosdef trojan which will connect back
4: Create Web Shell
This is the best option and will upload a webshell and copy it to all the webroots it can find
Repeatability: Unlimited
References: http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3923
Date public: 2012-01-22
CVE: CVE-2011-3923
