Apache Struts – OGNL Expression Injection

• Exploit Database
• 199 阅读

• 作者： Jon Passki
  日期： 2013-06-05
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/38549/
• 1 2 3 4 5 6 7 8 9 10 11 12

  source: https://www.securityfocus.com/bid/60345/info   Apache Struts is prone to a remote OGNL expression injection vulnerability.   Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of the application.   Apache Struts 2.0.0 through versions 2.3.14.3 are vulnerable.   http://www.example.com/example/%24%7B%23foo%3D%27Menu%27%2C%23foo%7D   http://www.example.com/example/${#foo='Menu',#foo}