Apache Struts OGNL Expression Injection Vulnerability

2013-06-05T00:00:00
ID EDB-ID:38549
Type exploitdb
Reporter Jon Passki
Modified 2013-06-05T00:00:00

Description

Apache Struts OGNL Expression Injection Vulnerability. CVE-2013-2134. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/60345/info

Apache Struts is prone to a remote OGNL expression injection vulnerability.

Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of the application.

Apache Struts 2.0.0 through versions 2.3.14.3 are vulnerable. 

http://www.example.com/example/%24%7B%23foo%3D%27Menu%27%2C%23foo%7D

http://www.example.com/example/${#foo='Menu',#foo}