
CVE-2013-2251

Status Candidate

Overview

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

Related Files

Apache Struts 2 Remote Code Execution
Posted Oct 20, 2020
Authored by Jonatas Fil

Apache Struts 2 DefaultActionMapper Prefixes OGNL remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2013-2251
SHA-256 | 8fc62c46ad7c22f69ed91bac27cf5de646a12ab72512eb056f4af8ee4edfc6ba

Apache Archiva 1.3x Remote Command Execution
Posted Apr 21, 2014
Authored by Brett Porter | Site archiva.apache.org

Apache Archiva versions 1.3 through Continuum 1.3.6 and versions 1.2 through 1.2.2 are vulnerable to remote command execution.

tags | advisory, remote
advisories | CVE-2013-2251
SHA-256 | 6016752b96e92a44c9cf1eebaa5b10137807afe16bffa1cffa6f222ce1c77103

Struts2 2.3.15 OGNL Injection
Posted Aug 13, 2013
Authored by Takeshi Terada

Struts2 suffers from an OGNL injection vulnerability that allows for redirection. Versions 2.0.0 through 2.3.15 are affected.

tags | exploit
advisories | CVE-2013-2251
SHA-256 | 8dd8aee0be9f1818cac60e7eaadec5a677b61944590e6c481865994fb69abbf0

Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
Posted Jul 25, 2013
Authored by sinn3r, juan vazquez, Takeshi Terada | Site metasploit.com

The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms. In Struts 2 before 2.3.15.1, the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since this information is evaluated as an OGNL expression against the value stack, this introduces the possibility of injecting server-side code. This Metasploit module has been tested successfully on Struts 2.3.15 over Tomcat 7, with Windows 2003 SP2 and Ubuntu 10.04 operating systems.

tags | exploit
systems | linux, windows, ubuntu
advisories | CVE-2013-2251, OSVDB-95405
SHA-256 | c240d5878f508b714bf5ceed219b636cd035393594292bf01d990b95dae4b372
© 2022 Packet Storm. All rights reserved.