Full-version Struts2 vulnerability exercise

A Docker image provides a vulnerability platform covering the full range of Struts2 versions.

1. First, pull the Docker image:

# docker pull 2d8ru/struts2

2. Then run it (48729 is the port on the physical host; any port can be used):

# docker run --name struts2 -p48729:8080 -d 2d8ru/struts2

3. Download the Struts2 vulnerability scanning tool:

https://github.com/Lucifer1993/struts-scan

The tool supports detection of the following vulnerabilities:

ST2-005
ST2-008
ST2-009
ST2-013
ST2-016
ST2-019
ST2-020
ST2-devmode
ST2-032
ST2-033
ST2-037
ST2-045
ST2-046
ST2-048
ST2-052
ST2-053
ST2-057

4. Note: to test a particular vulnerability, just change the S2-032 part of the address. For example, to test S2-032, enter the address http://192.168.43.14:48729/S2-032/ to reach the page where the S2-032 vulnerability exists.

Open the address where the S2-032 vulnerability exists in the browser to get the URL: http://192.168.43.14:48729/S2-032/memoshow.action?id=3

 

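5. Use the Struts2 vulnerability scanning tool to test the target site; the findings can be exploited directly:

[1] It can batch-test all vulnerabilities, but testing showed that this is not accurate.

[2] Testing for one specified vulnerability is the recommended method:

{ Testing showed that, apart from the 008, 009, 046, 048 and 052 vulnerabilities, all the others can be detected and exploited with the method above }

{ This vulnerability platform does not include the 020 and 057 vulnerabilities }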
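
The setup from steps 1, 2 and 4 as one script, added here as an example and not part of the original post or of the scanner project: it publishes the lab port on 127.0.0.1 only, since the applications are deliberately vulnerable, and reports the HTTP status of each per-vulnerability page. The loopback binding, the LAB_PORT variable and the function names are assumptions; devmode is skipped because the post gives no path for it.

```shell
#!/bin/sh
# Added example. Usage: "sh <this file> up" to start the lab, "sh <this file> check" to probe it.
IMAGE="2d8ru/struts2"                 # image name from step 1
LAB_PORT="${LAB_PORT:-48729}"         # host port from step 2 (arbitrary); variable name is an assumption
BASE="http://127.0.0.1:${LAB_PORT}"   # assumption: the lab is reached over loopback only

# IDs the scanner lists in step 3 (devmode omitted: no path is given for it).
SCANNER_IDS="005 008 009 013 016 019 020 032 033 037 045 046 048 052 053 057"
MISSING="020 057"                     # the post says the platform lacks these two

# Print the IDs the platform should actually serve, one per line.
lab_ids() {
    for id in $SCANNER_IDS; do
        case " $MISSING " in
            *" $id "*) ;;                     # not in this image, skip
            *) printf '%s\n' "$id" ;;
        esac
    done
}

# Build the page URL for one ID, following the /S2-032/ pattern from step 4.
lab_url() {
    printf '%s/S2-%s/\n' "$BASE" "$1"
}

# Start the container published on 127.0.0.1 only, so the deliberately
# vulnerable applications are not reachable from other hosts on the network.
lab_up() {
    docker pull "$IMAGE" &&
    docker run --name struts2 -p "127.0.0.1:${LAB_PORT}:8080" -d "$IMAGE"
}

# Report the HTTP status of each per-vulnerability page (000 = no response).
lab_check() {
    for id in $(lab_ids); do
        url=$(lab_url "$id")
        code=$(curl -s -o /dev/null -m 5 -w '%{http_code}' "$url") || code="000"
        printf 'S2-%s %s %s\n' "$id" "$code" "$url"
    done
}

case "${1:-}" in
    up)    lab_up ;;
    check) lab_check ;;
esac
```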

 

 


Origin www.cnblogs.com/relax1949/p/12044129.html