Struts2 re-explode remote command execution vulnerability! [W3bsafe] struts2-048 Poc shell and defense repair solution First Look!

Source: Internet
Author: User
Tags explode java web

Vulnerability overview

Apache struts is an open source project maintained by the Pachitea (Apache) Software Foundation, an open-source MVC framework for creating enterprise-class Java Web applications. An arbitrary code execution vulnerability exists in the Showcase application of the Struts 2.3.x series demonstrating the plug-in for Struts2 integrated struts 1. When your app uses Struts2 Struts1 plug-ins, it may cause untrusted input to pass into the Actionmessage class causing the command to execute.

Solution Solutions

When you pass the original message to Actionmessage, use a resource key value similar to the following, and do not pass the original value directly

Messages.add ("msg", New Actionmessage ("struts1.gangsteradded", Gform.getname ()));


Values should not be the case:

Messages.add ("msg", New Actionmessage ("Gangster" + gform.getname () + "was added"));



Enter the text!

In the afternoon, I saw a circle of friends st2-048 a cousin's exp on GitHub.

Reproducible success




It contains the POC for st2-045 46 48 and Python

Python version reproduced successfully Ps: This diagram is the other small partners with the successful POC replication



POC and more Defense Solutions : Https://bbs.ichunqiu.com/thread-24504-1-1.html?from=bky

Struts2 re-explode remote command execution vulnerability! [W3bsafe] struts2-048 Poc shell and defense repair solution First Look!

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.