mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-12 22:53:11 +00:00
CVE-2010-1870
Description
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
POC
Reference
- http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
- http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Oct/23
- http://securityreason.com/securityalert/8345
- http://www.exploit-db.com/exploits/14360
Github
- https://github.com/0day666/Vulnerability-verification
- https://github.com/0x783kb/Security-operation-book
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/pocsuite3
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Elymaro/Struty
- https://github.com/GBMluke/Web
- https://github.com/HimmelAward/Goby_POC
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Z0fhack/Goby_POC
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/brunsu/woodswiki
- https://github.com/fupinglee/Struts2_Bugs
- https://github.com/ice0bear14h/struts2scan
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/woods-sega/woodswiki