Apache Struts – OGNL Expression Injection

• Exploit Database
• 18 阅读

• 作者： Jon Passki
  日期： 2013-06-05
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/38549/

• source: https://www.securityfocus.com/bid/60345/info
  
  Apache Struts is prone to a remote OGNL expression injection vulnerability.
  
  Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of the application.
  
  Apache Struts 2.0.0 through versions 2.3.14.3 are vulnerable. 
  
  http://www.example.com/example/%24%7B%23foo%3D%27Menu%27%2C%23foo%7D
  
  http://www.example.com/example/${#foo='Menu',#foo}