Apache Struts 2.x Path Traversal Vulnerability (CVE-2023-50164) Detection Dork

  • Date: 2024-01-23
  • Category:
  • Author: Parth Jamodkar
  • Syntax: Apache Struts 2.x Path Traversal Vulnerability (CVE-2023-50164) Detection Dork
  • Dork:
    intitle:"Apache Struts 2.5" "index of /" -git
    Explanation:
    intitle:"Apache Struts 2.5": This part specifies that the search results
    must have the words "Apache Struts 2.5" in the title. It helps narrow down
    the results to instances related specifically to Apache Struts version 2.5.

    "index of /": This part looks for directories with the "index of /" string.
    Such directories often contain a listing of files and folders, which could
    be unintentionally exposed and may include sensitive information.

    -git: This part excludes results that contain the term "git". The idea is
    to filter out Git repositories from the search results, focusing on other
    types of exposed directories.

    *Sample output:*
    https://mirror.softaculous.com/apache/struts/2.5.30/
    https://ftp.unicamp.br/pub/apache/struts/2.5.25/
    https://ftp.itu.edu.tr/Mirror/Apache/struts/2.5.32/
    https://repository.jboss.org/maven2/apache-struts/struts/
    https://mirrors.gigenet.com/apache/struts/
    https://ftp.riken.jp/net/apache/struts/
    https://mirror.math.princeton.edu/pub/apache/struts/

    This Google dork is searching for instances where the title includes
    "Apache Struts 2.5," and the webpage has a directory listing ("index of /")
    but excludes any results related to Git repositories. The aim is to
    identify potentially exposed Apache Struts 2.5 instances that might have
    unintentionally revealed directory structures.

    Additional Information:

    Affected versions: Struts 2.x before 2.5.33 or 6.x before 6.3.0.2
    Description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50164

    Thank you for your consideration.

    Sincerely,

    --
    *Parth Jamodkar*

    *Cloud security researcher 3*
    *LinkedIn*