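Struts2 vulnerable target in Docker
I originally wanted to set up a few old Struts2 (st2) vulnerabilities to test against.
After looking around, I settled on Docker.
I searched Docker Hub and found an image that covers all the old st2 versions.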
This image contains demo applications for following apache struts2 vulnerabilities:
S2-001 (CVE-2007-4556)
S2-007 (CVE-2012-0838)
S2-008 (CVE-2012-0392)
S2-012 (CVE-2013-1965)
S2-013 (CVE-2013-1966)
S2-015 (CVE-2013-2135, CVE-2013-2134)
S2-016 (CVE-2013-2251)
S2-019 (CVE-2013-4316)
S2-029 (CVE-2016-0785)
S2-032 (CVE-2016-3081)
S2-033 (CVE-2016-3087)
S2-037 (CVE-2016-4438)
S2-045 (CVE-2017-5638)
S2-046 (CVE-2017-5638)
S2-048 (CVE-2017-9791)
S2-052 (CVE-2017-9805)
S2-053 (CVE-2017-12611)
https://hub.docker.com/r/2d8ru/struts2
[root@localhost ~]# docker pull 2d8ru/struts2
Using default tag: latest
Trying to pull repository docker.io/2d8ru/struts2 ...
latest: Pulling from docker.io/2d8ru/struts2
40ae7ce86d93: Pull complete
ef9ce992ffe4: Pull complete
d0df8518230c: Pull complete
63678957352b: Pull complete
929e9da71fa4: Pull complete
96ef2abace74: Pull complete
ee465bb23abd: Pull complete
7389ed23519a: Pull complete
01dc7810fc78: Pull complete
4afd531fccde: Pull complete
0e8cb6ef92d5: Pull complete
141c5a896ef9: Pull complete
e1b65a5bf785: Pull complete
f0cd1207fcb8: Pull complete
ac0df1e10db5: Pull complete
b4710c02ed19: Pull complete
Digest: sha256:7aa386b4b606bec5f6a7f015bab6bd1cc84169beadb2a632b6939e6e703e47db
Status: Downloaded newer image for docker.io/2d8ru/struts2:latest
Then start it:
[root@localhost ~]# docker run -d -p 8080:8080 2d8ru/struts2
48cf32032f04db57430e44f930cf330fc347cfea948ba80adadf444df441ea2d
[root@localhost ~]# docker ps
Each vulnerability is then reached as follows.
For example, S2-045
is at IP:8080/S2-045
and is accessed that way.
For example:
A quick test:
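An added example, not from the original post or the image's author: the same lab started with the port published on loopback only and the image pinned to the digest shown in the pull output above, followed by an HTTP status check of each demo path. The container name `struts2-lab`, the 15-second wait, and the idea that every demo follows the `/S2-0xx` path shown for S2-045 are assumptions.

```shell
#!/bin/sh
# Added example: loopback-only start-up for the 2d8ru/struts2 lab image.
IMAGE='2d8ru/struts2'
# Digest copied from the "docker pull" output on this page.
DIGEST='sha256:7aa386b4b606bec5f6a7f015bab6bd1cc84169beadb2a632b6939e6e703e47db'
NAME='struts2-lab'   # hypothetical container name
BIND='127.0.0.1'     # publish on loopback only, never on all interfaces
# Demo IDs from the image description; the path pattern is assumed from S2-045.
DEMOS='S2-001 S2-007 S2-008 S2-012 S2-013 S2-015 S2-016 S2-019 S2-029 S2-032 S2-033 S2-037 S2-045 S2-046 S2-048 S2-052 S2-053'

# Pin by digest so a re-tagged "latest" cannot silently change the lab.
image_ref() { printf '%s@%s\n' "$IMAGE" "$DIGEST"; }

# Value for "docker run -p": host address, host port, container port.
publish_arg() { printf '%s:%s:8080\n' "$BIND" "${1:-8080}"; }

# One URL per demo application.
demo_urls() {
    for id in $DEMOS; do
        printf 'http://%s:%s/%s\n' "$BIND" "${1:-8080}" "$id"
    done
}

# Succeeds only when a "docker port" result is bound to loopback.
binding_is_loopback() {
    case "$1" in
        127.0.0.1:*) return 0 ;;
        *) return 1 ;;
    esac
}

start_lab() {
    docker run -d --rm --name "$NAME" -p "$(publish_arg)" "$(image_ref)" || return 1
    bound=$(docker port "$NAME" 8080/tcp)
    if ! binding_is_loopback "$bound"; then
        echo "refusing: $bound is not loopback" >&2
        docker stop "$NAME"
        return 1
    fi
    sleep 15   # assumed wait for the application server to deploy the demos
    demo_urls | while read -r url; do
        printf '%s %s\n' "$(curl -s -o /dev/null -w '%{http_code}' "$url")" "$url"
    done
}

# Nothing touches Docker unless the script is called with "start".
if [ "${1:-}" = "start" ]; then start_lab; fi
```

Run it as `sh lab.sh start`; stop the lab with `docker stop struts2-lab`, which also removes the container because of `--rm`.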
Sunny
April 18, 2020, 7:54 AM
Hello! Could you share this tool with me: the Struts2 all-version vulnerability testing tool 14.5 (WAF-bypass edition)? Thank you!