
Files

Struts2 2.3.15 OGNL Injection
Posted Aug 13, 2013
Authored by Takeshi Terada

Struts2 suffers from an OGNL injection vulnerability that allows for redirection. Versions 2.0.0 through 2.3.15 are affected.

tags | exploit
advisories | CVE-2013-2251
SHA-256 | 8dd8aee0be9f1818cac60e7eaadec5a677b61944590e6c481865994fb69abbf0

Related Files

Apache Struts 2 Forced Multi OGNL Evaluation
Posted Dec 24, 2020
Authored by Matthias Kaiser, Spencer McIntyre, Alvaro Munoz, ka1n4t | Site metasploit.com

The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tag attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. With a carefully crafted request, this can lead to remote code execution. This vulnerability is application dependent: a server-side template must make an affected use of request data to render an HTML tag attribute.

tags | exploit, remote, code execution
advisories | CVE-2019-0230, CVE-2020-17530
SHA-256 | 3cfe28296a3b91c815100d9996280537326adc728304ac8036ea7dcb8ca37586
Apache Struts 2 Namespace Redirect OGNL Injection
Posted Sep 7, 2018
Authored by wvu, Man Yue Mo, hook-s3c, asoto-r7 | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.

tags | exploit, remote, code execution
advisories | CVE-2018-11776
SHA-256 | d4db47de622ab194cae5e05a485e3f4743601277e19a6aa2f5275bcad5350dab
Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution
Posted May 16, 2018
Authored by Nixawk, icez, xfer0 | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote code execution can be performed via a malicious field value.

tags | exploit, remote, code execution
advisories | CVE-2017-9791
SHA-256 | 3343992f21f9ecb6b543f0313f63aef8d719b76b47b30afb63b5c6f1d0f8fd45
Apache Struts 2 REST Plugin XStream Remote Code Execution
Posted Sep 7, 2017
Authored by wvu, Man Yue Mo | Site metasploit.com

Apache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a Java deserialization attack in the XStream library.

tags | exploit, java
advisories | CVE-2017-9805
SHA-256 | 733707ff1693492ed26a3fc45635dfec661cbb6f0cba034160e94e43f171f6b9
Apache Struts Jakarta Multipart Parser OGNL Injection
Posted Mar 14, 2017
Authored by egypt, Nixawk, Nike.Zheng, Jeffrey Martin, Chorder | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3.5 through 2.3.31 and 2.5 through 2.5.10. Remote code execution can be performed via the HTTP Content-Type header. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.

tags | exploit, remote, web, code execution
advisories | CVE-2017-5638
SHA-256 | 0d1583b3fe45147f90ce781625616136ad2241ae276309d87b001d39d32dddbc
Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution
Posted Jun 9, 2016
Authored by Nixawk | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote code execution can be performed when using the REST Plugin with the ! operator when Dynamic Method Invocation is enabled.

tags | exploit, remote, code execution
advisories | CVE-2016-3087
SHA-256 | 222463195053d60b430e6eb5f81be72703e72a3084a5e10459c90b86de104a1b
Apache Struts 2.3.28 Dynamic Method Invocation Remote Code Execution
Posted Apr 30, 2016
Authored by Nixawk | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote code execution can be performed via the method: prefix when Dynamic Method Invocation is enabled.

tags | exploit, remote, code execution
advisories | CVE-2016-3081
SHA-256 | 39285e2ede3a389887f3e8ccc69a2f47104f97406d3bfc7a832a9a1fa422a408
Apache Struts 2.3.20 Security Fixes
Posted Dec 8, 2014
Authored by Lukasz Lenart | Site struts.apache.org

Apache has released Struts version 2.3.20, which merges various security fixes and extends an existing security mechanism to block access to given Java packages and classes.

tags | advisory, java
SHA-256 | 4edeb149fb5476c15913f77c9224f8266c491df7c2ab120e76888d96b6fcea29
Struts 2.3.16.3 Manipulation Fix
Posted May 6, 2014
Authored by Lukasz Lenart | Site struts.apache.org

Struts version 2.3.16.3 has been released to extend excluded params to avoid manipulation via the CookieInterceptor.

tags | advisory
SHA-256 | 748de2985bf1e534b05c23a1ad4db03041643d976022e32385f24f6ac7ed6d3a
Struts 1 ClassLoader Manipulation Update
Posted May 3, 2014
Authored by Rene Gielen | Site struts.apache.org

Apache Struts 1, which reached end of life a year ago, suffers from a ClassLoader manipulation vulnerability similar to recent findings. Alvaro Munoz and the HP Fortify team have helped the Struts team come up with a recommendation for mitigation.

tags | advisory
advisories | CVE-2014-0114
SHA-256 | f9f8a680c7342a4ec7664f0833621f029bef66354e591a521ed9ce01dd951ae2
Apache Struts ClassLoader Manipulation Remote Code Execution
Posted May 2, 2014
Authored by Mark Thomas, Przemyslaw Celej | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.3.16.2. The issue arises because the ParametersInterceptor allows access to the 'class' parameter, which is directly mapped to the getClass() method and allows ClassLoader manipulation. This lets remote attackers execute arbitrary Java code via crafted parameters.

tags | exploit, java, remote, arbitrary
advisories | CVE-2014-0094, CVE-2014-0112
SHA-256 | 568fa33a2e2d5a30bbf04a28ef0440ffb1ef8efbbd4f569d313ce10a93ef7a01
Struts 1 ClassLoader Manipulation
Posted Apr 29, 2014
Authored by Rene Gielen | Site struts.apache.org

Apache Struts 1, which reached end of life a year ago, suffers from a ClassLoader manipulation vulnerability similar to recent findings.

tags | advisory
advisories | CVE-2014-0114
SHA-256 | d753af8cf08ba2c2ef2788acb38ccb3268e20b5f6097e41ffbf640ac694b1f2f
Struts 2.3.16.2 GA Release
Posted Apr 27, 2014
Authored by Lukasz Lenart | Site struts.apache.org

Apache Struts version 2.3.16.2 GA has been released to address ClassLoader security vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 1331886b3f8fd61bb499958c12f3d2ecbc179c9096709e2979167e1fcd693688
Struts 2.3.16.1 ClassLoader Manipulation
Posted Apr 24, 2014
Authored by Rene Gielen | Site struts.apache.org

In Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters was supposed to be resolved. Unfortunately, the correction wasn't sufficient. A security fix release fully addressing this issue is in preparation and will be released as soon as possible.

tags | advisory
SHA-256 | 1b02e3ee3cd52232d9bdeb795f9c25b15c8bffd44b3b7df846a5d3306f54c9ea
Apache Struts Developer Mode OGNL Execution
Posted Feb 1, 2014
Authored by juan vazquez, Johannes Dahse, Andreas Nusser, Alvaro | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java code. This Metasploit module has been tested successfully in Struts 2.3.16, Tomcat 7 and Ubuntu 10.04.

tags | exploit, java, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-0394, OSVDB-78276
SHA-256 | d95e5ef29a2fce9c476472748fd55d151658b54e2b3321896da72a713f7e54b9
Struts 2.3.15.3 Cross Site Scripting
Posted Oct 28, 2013
Authored by Nebula

Struts version 2.3.15.3 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c6554f49acdc80a0d54e90157d4de1ee7f01933f3569c0eb965debf94761230d
Struts2 2.3.15 Open Redirect
Posted Aug 13, 2013
Authored by Takeshi Terada

Struts2 suffers from an open redirection vulnerability. Versions 2.0.0 through 2.3.15 are affected.

tags | exploit
advisories | CVE-2013-2248
SHA-256 | 8e587d23a0336a32690f4388769b814ac267b69bb258b88ffb28d65bb7e874dc
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
Posted Jul 25, 2013
Authored by sinn3r, juan vazquez, Takeshi Terada | Site metasploit.com

The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms. In Struts 2 before 2.3.15.1, the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since this information is evaluated as an OGNL expression against the value stack, it introduces the possibility of injecting server-side code. This Metasploit module has been tested successfully on Struts 2.3.15 over Tomcat 7, with Windows 2003 SP2 and Ubuntu 10.04 operating systems.

tags | exploit
systems | linux, windows, ubuntu
advisories | CVE-2013-2251, OSVDB-95405
SHA-256 | c240d5878f508b714bf5ceed219b636cd035393594292bf01d990b95dae4b372
Apache Struts includeParams Remote Code Execution
Posted Jun 2, 2013
Authored by Douglas Rodrigues, Eric Kobrin | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions prior to 2.3.14.2. A specifically crafted request parameter can be used to inject arbitrary OGNL code into the stack, bypassing Struts and OGNL library protections. When targeting an action which requires interaction through GET, the payload should be split taking into account the URI limits. In this case, if the rendered JSP has more than one point of injection, it could result in payload corruption. This should happen only when the payload is larger than the URI length.

tags | exploit, remote, arbitrary
advisories | CVE-2013-2115, CVE-2013-1966, OSVDB-93645
SHA-256 | b8de09303f34b2ff81911d9ef267d142269251e15e41b38a2fb9e953d6b6f460
Apache Struts ParametersInterceptor Remote Code Execution
Posted Mar 22, 2013
Authored by Meder Kydyraliev | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.3.1.2. The issue arises because the ParametersInterceptor allows the use of parentheses, which in turn allows it to interpret parameter values as OGNL expressions during certain exception handling for mismatched data types of properties. This lets remote attackers execute arbitrary Java code via a crafted parameter.

tags | exploit, java, remote, arbitrary
advisories | CVE-2011-3923, OSVDB-78501
SHA-256 | e56bcff70dfc308ffd717452aab966d54c1fdec14e8544d8df4198054ba401b9
Apache Struts2 Remote Code Execution
Posted Aug 22, 2012
Authored by kxlzx

This is some demonstration code that explains methods of remote code execution in Apache Struts2.

tags | exploit, remote, code execution
SHA-256 | 95aa97a6a49a06c15fe3bd11a797cecad1606abd0dc4f24592788de224974e50
Apache Struts 2.2.1.1 Remote Command Execution
Posted Jun 5, 2012
Authored by sinn3r, juan vazquez, Johannes Dahse, Andreas Nusser | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions less than or equal to 2.2.1.1. This issue is caused because the ExceptionDelegator interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.

tags | exploit, java, remote, arbitrary
advisories | CVE-2012-0391, OSVDB-78277
SHA-256 | 0b05a1b978021a7e230996613260f0f4ba94c92ffadf95f1ba1f5be6cacdbf23
Apache Struts2 Local Code Execution
Posted Mar 23, 2012
Authored by voidloafer

Apache Struts2 suffers from an xsltResult local code execution vulnerability.

tags | exploit, local, code execution
SHA-256 | 1434c6a8b301101ed2361aaea168b772441d8b9133e54c0572a3ccfa8e10e32d
Apache Struts < 2.2.0 Remote Command Execution
Posted Aug 19, 2011
Authored by Meder Kydyraliev, bannedit | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.2.0. This issue is caused by a failure to properly handle Unicode characters in OGNL extensive expressions passed to the web server. By sending a specially crafted request to the Struts application, it is possible to bypass the "#" restriction on ParameterInterceptors by using OGNL context variables. Bypassing this restriction allows for the execution of arbitrary Java code.

tags | exploit, java, remote, web, arbitrary
advisories | CVE-2010-1870, OSVDB-66280
SHA-256 | f3dc9c6ae8fc8270cc4ef71f82c223ad04ea9e8725f94ee4894465c9a0bfbc4b
Struts2/XWork Remote Command Execution
Posted Jul 14, 2010
Authored by Meder Kydyraliev

Struts2/XWork suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2010-1870
SHA-256 | 4bfaf1025cecb689d125b743ac0333bad9a7f8606514866a6849cf570bfdb557
© 2022 Packet Storm. All rights reserved.