### [CVE-2017-9791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9791)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Struts&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution&color=brighgreen)

### Description

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

### POC

#### Reference
- https://www.exploit-db.com/exploits/42324/
- https://www.exploit-db.com/exploits/44643/

#### Github
- https://github.com/0day666/Vulnerability-verification
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/CrackerCat/myhktools
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/GhostTroops/myhktools
- https://github.com/HimmelAward/Goby_POC
- https://github.com/IanSmith123/s2-048
- https://github.com/IkerSaint/VULNAPP-vulnerable-app
- https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups
- https://github.com/Micr067/CMS-Hunter
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Practical-Technology/webcve-scan
- https://github.com/SecWiki/CMS-Hunter
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Z0fhack/Goby_POC
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/atdpa4sw0rd/Experience-library
- https://github.com/binfed/cms-exp
- https://github.com/copperfieldd/CMS-Hunter
- https://github.com/djschleen/ash
- https://github.com/do0dl3/myhktools
- https://github.com/dragoneeg/Struts2-048
- https://github.com/foospidy/web-cve-tests
- https://github.com/gh0st27/Struts2Scanner
- https://github.com/hktalent/myhktools
- https://github.com/ice0bear14h/struts2scan
- https://github.com/iqrok/myhktools
- https://github.com/jas502n/st2-048
- https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups
- https://github.com/khodges42/Etrata
- https://github.com/linchong-cmd/BugLists
- https://github.com/lnick2023/nicenice
- https://github.com/nixawk/labs
- https://github.com/oneplus-x/MS17-010
- https://github.com/pctF/vulnerable-app
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/shuanx/vulnerability
- https://github.com/soosmile/cms-V
- https://github.com/tdcoming/Vulnerability-engine
- https://github.com/touchmycrazyredhat/myhktools
- https://github.com/trhacknon/myhktools
- https://github.com/woods-sega/woodswiki
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/xfer0/CVE-2017-9791
- https://github.com/yige666/CMS-Hunter