Apache Struts 2.0.9/2.1.8 – Session Tampering Security Bypass

• Exploit Database
• 36 阅读

• 作者： Hisato Killing
  日期： 2011-12-07
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/36426/

• source: https://www.securityfocus.com/bid/50940/info
  
  Apache Struts is prone to a security-bypass vulnerability that allows session tampering.
  
  Successful attacks will allow attackers to bypass security restrictions and gain unauthorized access.
  
  Apache Struts versions 2.0.9 and 2.1.8.1 are vulnerable; other versions may also be affected. 
  
  http://www.example.com/SomeAction.action?session.somekey=someValue