Fix/CVE 2018 11776 struts2 #13571
Merged
ritikchaddha merged 5 commits into projectdiscovery:main from Oct 23, 2025
Contributor:
Hello @hhha456, Thank you so much for sharing this template with the community and contributing to the project. We'll be reviewing this PR shortly. You're welcome to join our discord server, it's a great place to connect with fellow contributors and stay updated on the latest developments. Thank you once again!
ritikchaddha approved these changes Oct 23, 2025
Template / PR Information

Updated CVE-2018-11776 (S2-057) Struts2 template to fix command execution failure in the Vulnhub Struts2 2.3.34 environment (a critical limitation of the original template).

Original template issue: The original payload failed to bypass Struts2's default sandbox restrictions in the vulnhub/struts2:s2-057 Docker environment (a common test setup for S2-057), leading to inability to execute cat /etc/passwd and false negatives.

Key improvements (addressing the Vulnhub failure):
- Enhanced sandbox bypass: Added logic to clear OgnlUtil excluded packages/classes (resolves the original payload's execution failure in the vulnhub/struts2:s2-057 environment)
- Matcher optimization: Ensures compatibility with normal 200 responses (avoids false negatives from unhandled formats, which the original template also struggled with in Vulnhub)
- Output reliability: Replaced manual stream reading with org.apache.commons.io.IOUtils (fixes inconsistent output extraction in the Vulnhub environment)

References:
- CVE Official: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776
- Struts2 Security Advisory: https://struts.apache.org/docs/s2-057.html (confirms affected versions: Struts 2.0.4-2.3.34, 2.5.0-2.5.16 — matches the Vulnhub struts2:s2-057 image)
- Nuclei Matcher Guideline: https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers
Template Validation

I've validated this template locally? YES

Validation Details: Tested exclusively on the vulnhub/struts2:s2-057 Docker environment (the same setup where the original template failed):
- Original template behavior in Vulnhub: The original payload could not execute cat /etc/passwd — sandbox bypass failed, and no command output was returned (false negative).
- Optimized template behavior in Vulnhub: Successfully executed cat /etc/passwd in both default and strict sandbox configurations of the vulnhub/struts2:s2-057 image (no execution failures, thanks to improved bypass logic).
- Matcher accuracy in Vulnhub: Correctly identified command output (e.g., root:x:0:0:root:/root:/bin/bash) in 200 responses from the Vulnhub environment.
- False positive check: No false positives on non-vulnerable Struts 2.5.17 (patched) and 2.5.20 instances (not from Vulnhub).
Additional Details (leave it blank if not applicable)

Matched HTTP Response Snippet (from cat /etc/passwd command):
<img width="1476" height="668" alt="屏幕截图 2025-10-12 204545" src="https://github.com/user-attachments/assets/f2879ca2-ce6e-441d-9ef4-83ffe16f5085" />
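The matcher behaviour the PR describes (a 200 status plus /etc/passwd-format output in the body, with no false positives on ordinary pages) can be checked in isolation. The Python below is an added illustration of that response-matching logic only; it is not code from this PR, from the nuclei-templates project or from Nuclei itself, the regex and the sample responses are constructed for the example, and the request side of the template is not reproduced here. The regex generalises the single literal the PR cites (root:x:0:0:root:/root:/bin/bash) to any passwd entry, so wrapped or partial output still counts as a hit.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# One /etc/passwd entry: name:password:uid:gid:gecos:home:shell.
# No '^' anchor, so output echoed inside HTML (e.g. in a <pre> element) still
# matches; home and shell must start with '/' so timestamps like 10:20:30 do not.
# Constructed for this example; it is not the template's matcher.
PASSWD_LINE = re.compile(
    r"\b[a-z_][a-z0-9_-]*:[^:\s]*:\d+:\d+:[^:\n]*:/[^:\s<]*:/[^\s<]*"
)


@dataclass
class Response:
    status: int
    body: str


def matches(resp: Response) -> bool:
    """Nuclei-style 'matchers-condition: and': status matcher AND body regex."""
    return resp.status == 200 and PASSWD_LINE.search(resp.body) is not None


def passwd_entries(body: str) -> List[str]:
    """Return the matched entries, as a template extractor would expose them."""
    return PASSWD_LINE.findall(body)


# Constructed sample responses (not captured from any real host).
SAMPLES: Dict[str, Response] = {
    # plain command output, as a vulnerable instance would return it
    "vulnerable_200": Response(
        200,
        "root:x:0:0:root:/root:/bin/bash\n"
        "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n",
    ),
    # ordinary application page: contains colons and digits but no passwd entry
    "benign_200": Response(
        200,
        "<html><body><h1>Showcase</h1><p>Updated 10:20:30</p></body></html>",
    ),
    # error page that happens to echo the string: status matcher must reject it
    "echo_in_error_500": Response(
        500,
        "<pre>Exception parsing root:x:0:0:root:/root:/bin/bash</pre>",
    ),
    # output wrapped in markup: the unanchored regex must still find it
    "html_wrapped_200": Response(
        200,
        "<html><pre>root:x:0:0:root:/root:/bin/bash</pre></html>",
    ),
}


def evaluate_samples() -> Dict[str, bool]:
    """Run the matcher over every sample and report which ones would fire."""
    return {name: matches(resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:20s} -> {'MATCH' if hit else 'no match'}")
```

Requiring both conditions is what keeps the check honest: the body regex alone would fire on the 500 error page that merely echoes the string, and a status check alone would fire on every healthy page.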