Apache Struts - OGNL Expression Injection
| EKU-ID: 42933 | CVE: CVE-2013-2134;OSVDB-93969 | OSVDB-ID: |
| Author: Jon Passki | Published: 2013-06-05 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 42933 | CVE: CVE-2013-2134;OSVDB-93969 | OSVDB-ID: |
| Author: Jon Passki | Published: 2013-06-05 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/60345/info
Apache Struts is prone to a remote OGNL expression injection vulnerability.
Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of the application.
Apache Struts 2.0.0 through versions 2.3.14.3 are vulnerable.
http://www.example.com/example/%24%7B%23foo%3D%27Menu%27%2C%23foo%7D
http://www.example.com/example/${#foo='Menu',#foo}