Apache Struts 2.x Path Traversal Vulnerability (CVE-2023-50164) Detection Dork
Dork:
intitle:"Apache Struts 2.5" "index of /" -git
Explanation:
intitle:"Apache Struts 2.5": This part specifies that the search results
must have the words "Apache Struts 2.5" in the title. It helps narrow down
the results to instances related specifically to Apache Struts version 2.5.
"index of /": This part looks for directories with the "index of /" string.
Such directories often contain a listing of files and folders, which could
be unintentionally exposed and may include sensitive information.
-git: This part excludes results that contain the term "git". The idea is
to filter out Git repositories from the search results, focusing on other
types of exposed directories.
*Sample output:*
https://mirror.softaculous.com/apache/struts/2.5.30/
https://ftp.unicamp.br/pub/apache/struts/2.5.25/
https://ftp.itu.edu.tr/Mirror/Apache/struts/2.5.32/
https://repository.jboss.org/maven2/apache-struts/struts/
https://mirrors.gigenet.com/apache/struts/
https://ftp.riken.jp/net/apache/struts/
https://mirror.math.princeton.edu/pub/apache/struts/
This Google dork searches for pages whose title includes
"Apache Struts 2.5" and that show a directory listing ("index of /"),
while excluding any results related to Git repositories. The aim is to
identify potentially exposed Apache Struts 2.5 instances that might have
unintentionally revealed directory structures.
Additional Information:
Affected versions: Struts 2.x before 2.5.33 or 6.x before 6.3.0.2
Description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50164
Thank you for your consideration.
Sincerely,
--
*Parth Jamodkar*
*Cloud security researcher 3*
*LinkedIn*