THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Summary
| Excerpt |
|---|
Showcase app vulnerability allows remote command execution |
Who should read this | All Struts 2 developers |
|---|---|
Impact of vulnerability | Remote command execution |
Maximum security rating | Moderately Critical |
Recommendation | Developers should immediately upgrade to Struts 2.3.14. |
Affected Software | Struts Showcase App 2.0.0 - Struts Showcase App 2.3.14. |
|---|
2 | |
Reporter | Xgc Kxlzx, Alibaba Security Team |
|---|---|
CVE Identifier | |
Original Description | Reported directly to security@a.o |
Problem
OGNL provides, among other features, extensive expression evaluation capabilities.
A request that included a specially crafted request parameter could be used to inject arbitrary OGNL code into a property, afterward used as request parameter of a redirect address, which will cause a further evaluation.
...
- Run struts2-showcase
- Open url: http://localhost:8080/struts2-showcase/skill/edit.action?skillName=SPRING-DEV
write skill name to %{expr} for example:
Code Block %{(#_memberAccess['allowStaticMethodAccess']=true)(#context['xwork.MethodAccessor.denyMethodExecution']=false) #hackedbykxlzx=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#hackedbykxlzx.println('hacked by kxlzx'),#hackedbykxlzx.close())}- submit the form
...
| Warning |
|---|
It is strongly recommended to upgrade to Struts 2.3.14.13, which contains the corrected OGNL and XWork library. |
...