Add PoC exploit for CVE-2017-9805

[postmodern]

Add a PoC exploit for CVE-2017-9805, remove code execution via insecure deserialization in the REST plugin for Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13.

Reference PoCs

• https://github.com/Shakun8/CVE-2017-9805/blob/main/CVE-2017-9805.py (appears to execute a command, but I don't see where it's interpolated into the payload)
• https://gitee.com/mirrors_mazen160/struts-pwn_CVE-2017-9805 (has a 10 second sleep payload)
• https://github.com/0xd3vil/CVE-2017-9805-Exploit/blob/main/exploit.py (payload executes a command via /bin/sh -c)
• https://github.com/z3bd/CVE-2017-9805 (includes vulnerable copy of Apache Struts + REST plugin)

Vuln App

• https://github.com/vulhub/vulhub/tree/639e32be6c0425b11d7d56594761c5e599a6a9d5/struts2/s2-052
• https://github.com/z3bd/CVE-2017-9805

How to Submit a PoC

See the CONTRIBUTING file for instructions on how to submit a PoC exploit.

[postmodern]

Ronin::Support::Network::HTTP needs to support multipart file upload to make it easier to write this PoC. https://github.com/ronin-rb/ronin-support/issues/504