CVEs-PoC/2020/CVE-2020-17530.md

CVE-2020-17530

Description

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

POC

Reference

• http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://www.oracle.com/security-alerts/cpuoct2021.html

Github

• https://github.com/0day666/Vulnerability-verification
• https://github.com/154802388/CVE-2020-17531
• https://github.com/20142995/Goby
• https://github.com/3SsFuck/CVE-2021-31805-POC
• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/Al1ex/CVE-2020-17530
• https://github.com/CyborgSecurity/CVE-2020-17530
• https://github.com/EdgeSecurityTeam/Vulnerability
• https://github.com/Elsfa7-110/kenzer-templates
• https://github.com/EvilPulsar/S2-061
• https://github.com/HimmelAward/Goby_POC
• https://github.com/IkerSaint/VULNAPP-vulnerable-app
• https://github.com/Live-Hack-CVE/CVE-2020-1753
• https://github.com/Mr-xn/Penetration_Testing_POC
• https://github.com/NaInSec/CVE-PoC-in-GitHub
• https://github.com/NetW0rK1le3r/awesome-hacking-lists
• https://github.com/Ostorlab/KEV
• https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
• https://github.com/QmF0c3UK/Struts_061
• https://github.com/SYRTI/POC_to_review
• https://github.com/SexyBeast233/SecBooks
• https://github.com/Shadowven/Vulnerability_Reproduction
• https://github.com/Threekiii/Awesome-POC
• https://github.com/Threekiii/Vulhub-Reproduce
• https://github.com/WhooAmii/POC_to_review
• https://github.com/Wrin9/CVE-2021-31805
• https://github.com/Xuyan-cmd/Network-security-attack-and-defense-practice
• https://github.com/Z0fhack/Goby_POC
• https://github.com/Zero094/Vulnerability-verification
• https://github.com/alexfrancow/CVE-Search
• https://github.com/apachecn-archive/Middleware-Vulnerability-detection
• https://github.com/bakery312/Vulhub-Reproduce
• https://github.com/cuclizihan/group_wuhuangwansui
• https://github.com/developer3000S/PoC-in-GitHub
• https://github.com/fengziHK/CVE-2020-17530-strust2-061
• https://github.com/fleabane1/CVE-2021-31805-POC
• https://github.com/gh0st27/Struts2Scanner
• https://github.com/hectorgie/PoC-in-GitHub
• https://github.com/huike007/penetration_poc
• https://github.com/ice0bear14h/struts2scan
• https://github.com/jeansgit/Pentest
• https://github.com/ka1n4t/CVE-2020-17530
• https://github.com/keyuan15/CVE-2020-17530
• https://github.com/killmonday/CVE-2020-17530-s2-061
• https://github.com/lions2012/Penetration_Testing_POC
• https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
• https://github.com/lucksec/S2-62poc
• https://github.com/ludy-dev/freemarker_RCE_struts2_s2-061
• https://github.com/merlinepedra/nuclei-templates
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/nth347/CVE-2020-17530
• https://github.com/pangyu360es/CVE-2020-17530
• https://github.com/pctF/vulnerable-app
• https://github.com/phil-fly/CVE-2020-17530
• https://github.com/readloud/Awesome-Stars
• https://github.com/sobinge/nuclei-templates
• https://github.com/superlink996/chunqiuyunjingbachang
• https://github.com/trganda/starrlist
• https://github.com/trhacknon/Pocingit
• https://github.com/tzwlhack/Vulnerability
• https://github.com/uzzzval/CVE-2020-17530
• https://github.com/whale-baby/exploitation-of-vulnerability
• https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
• https://github.com/woods-sega/woodswiki
• https://github.com/wuzuowei/CVE-2020-17530
• https://github.com/xuetusummer/Penetration_Testing_POC
• https://github.com/z92g/CVE-2021-31805
• https://github.com/zecool/cve