Apache Struts 2.x Path Traversal Vulnerability (CVE-2023-50164) Detection Dork

• SHDB
• 129 阅读

• 日期：2024-01-23
• 类别：
  • Vulnerable Servers
• 作者：Parth Jamodkar
• 语法：Apache Struts 2.x Path Traversal Vulnerability (CVE-2023-50164) Detection Dork

• Dork:
  intitle:"Apache Struts 2.5" "index of /" -git
  Explanation:
  intitle:"Apache Struts 2.5": This part specifies that the search results
  must have the words "Apache Struts 2.5" in the title. It helps narrow down
  the results to instances related specifically to Apache Struts version 2.5.

  "index of /": This part looks for directories with the "index of /" string.
  Such directories often contain a listing of files and folders, which could
  be unintentionally exposed and may include sensitive information.

  -git: This part excludes results that contain the term "git". The idea is
  to filter out Git repositories from the search results, focusing on other
  types of exposed directories.

  *Sample output : *
  https://mirror.softaculous.com/apache/struts/2.5.30/
  https://ftp.unicamp.br/pub/apache/struts/2.5.25/
  https://ftp.itu.edu.tr/Mirror/Apache/struts/2.5.32/
  https://repository.jboss.org/maven2/apache-struts/struts/
  https://mirrors.gigenet.com/apache/struts/
  https://ftp.riken.jp/net/apache/struts/
  https://mirror.math.princeton.edu/pub/apache/struts/

  This Google dork is searching for instances where the title includes
  "Apache Struts 2.5," and the webpage has a directory listing ("index of /")
  but excludes any results related to Git repositories. The aim is to
  identify potentially exposed Apache Struts 2.5 instances that might have
  unintentionally revealed directory structures.

  Additional Information:

  Affected versions: Struts 2.x before 2.5.33 or 6.x before 6.3.0.2
  Description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50164

  Thank you for your consideration.

  Sincerely,

  --
  *Parth Jamodkar*

  *CLoud security researcher 3*
  *LinkedIn*