4 matches found
Exploit for Injection in Atlassian Confluence_Data_Center
CVE-2023-22527 This repository presents a proof-of-concept of...
The vulnerability of the Freemaker package from the Apache Struts software platform allows a perpetrator to execute arbitrary code.
The vulnerability of the Freemaker package from the Apache Struts software platform exists due to incorrect processing of expressions written in the Object Graph Navigation Language OGNL. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
欧朋浏览器之广告主后台敏感信息泄漏漏洞(泄漏内容证明)
简要描述: J2EE架构安全 详细说明: 泄漏点: http://59.151.113.225/WEB-INF/web.xml http://59.151.113.225/WEB-INF/spring/webmvc-config.xml 漏洞证明: Spring+Freemaker 反编译class文件...
欧朋浏览器多站配置不当泄漏敏感信息
简要描述: J2EE架构安全 详细说明: 关于WEB-INF WEB-INF是Java的WEB应用的安全目录。所谓安全就是客户端无法访问,只有服务端可以访问的目录。 WEB-INF目录下的敏感目录及文件: classes目录(包含该应用核心的java类编译后的class文件及部分配置文件) lib目录(所用框架、插件或组件的架包) web.xml(重要的配置文件) 泄漏点1. http://59.151.113.213/WEB-INF/web.xml http://59.151.113.213/WEB-INF/spring/webmvc-config.xml...