Check Order status | Verified Sales | Escrow Service | Advertise
westernunion carding gold carding
revolut carding electronics carding
paypal carding payoneer carding
advertise on cracking forums

Apache Struts ParametersInterceptor Remote Code Execution

M33

[ Verified Seller ]
Staff member
Trusted Seller
Joined
10 yrs. 8 mth. 6 days
Messages
5,012
Reaction score
11,817
Wallet
13,191$
Please, Log in or Register to view URLs content!


Please, Log in or Register to view URLs content!


This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.3.1.2. This issue is caused because the ParametersInterceptor allows for the use of parentheses which in turn allows it to interpret parameter values as OGNL expressions during certain exception handling for mismatched data types of properties which allows remote attackers to execute arbitrary Java code via a crafted parameter.

Code:
Please, Log in or Register to view codes content!

source:
Please, Log in or Register to view URLs content!
 
Top Bottom