Struts your way into Strongkey [RCE]
Intro
Back on Feb 1, 2020 at 5:53 PM, I reported a critical vulnerability that gave me remote code execution (RCE) on StrongKey. For those who don’t know, StrongAuth, or StrongKey, is a security-based company that “makes data breach irrelevant, with StrongKey technology, your data becomes worthless to hackers”, as stated on their website!
About the company, by CyberDb:
“StrongAuth, Inc. is a Silicon Valley company focused on Symmetric Key Management, Encryption, Tokenization and PKI and FIDO-based Strong-Authentication. StrongAuth has defined a unique web-application architecture – Regulatory Compliant Cloud Computing (RC3) – which enables secure cloud-computing while complying with data-security regulations anywhere in the world.”
Enough speaking!
Spotting the vulnerability
As usual, I was conducting my research, and I don’t know how the StrongAuth web app kicked my browser, but I clicked around and found myself on a partner subdomain. With a quick look at the URL, I recognized the .action extension and went straight to testing for the Struts CVE-2017-563, as I had already seen that pattern in some reading I did before.
Exploitation
I grabbed the public exploit 41570 and did a quick check, and okay, I was in!
Here is my PoC:
Notes
- Keep your eyes on recent CVEs, reverse them if no public exploit exists, and always keep a good reading habit.
- No matter the company’s size, there will always be some flaws here and there.
- Even if the company’s main mission is protection, they failed to patch the bug earlier. And breaches come from here!