XWork 2.0.x - 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability

2008-11-04T00:00:00
ID EDB-ID:32564
Type exploitdb
Reporter Meder Kydyraliev
Modified 2008-11-04T00:00:00

Description

XWork 2.0.x 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability. CVE-2008-6504. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/32101/info

XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input.

Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer.

Versions prior to XWork 2.0.6 are vulnerable. Struts 2.0.0 through 2.0.11.2 contain vulnerable versions of XWorks and are therefore also affected. 

To set #session.user to '0wn3d':

('\u0023' + 'session[\'user\']')(unused)=0wn3d