{ "Name": "Struts2 009 Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability", "Description": "Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. The scan step in this definition only checks that GET / returns HTTP 200, so a match shows a reachable web application rather than a confirmed vulnerable Struts version; confirm the deployed Struts version before treating a hit as a finding.", "Product": "Struts2", "Homepage": "http://struts.apache.org/", "DisclosureDate": "2019-11-01", "Author": "gp827782797@qq.com", "FofaQuery": "url_ext=action || url_ext=do", "GobyQuery": "url_ext=action || url_ext=do", "Level": "", "Impact": "", "Recommendation": "Upgrade Apache Struts to 2.3.1.2 or later.", "References": null, "RealReferences": [ "http://seclists.org/fulldisclosure/2014/Jul/38", "http://www.exploit-db.com/exploits/24874", "http://www.securityfocus.com/bid/51628", "http://www.securitytracker.com/id?1026575", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923", "https://exchange.xforce.ibmcloud.com/vulnerabilities/72585", "https://security-tracker.debian.org/tracker/CVE-2011-3923", "https://nvd.nist.gov/vuln/detail/CVE-2011-3923", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3923" ], "HasExp": true, "ExpParams": [ { "Name": "AttackType", "Type": "select", "Value": "goby_shell_linux,cmd" }, { "Name": "cmd", "Type": "input", "show": "AttackType=cmd", "Value": "whoami" } ], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "data": "", "data_type": "text", "follow_redirect": true, "method": "GET", "uri": "/" }, "ResponseTest": { "checks": [ { "bz": "", "operation": "==", "type": "item", "value": "200", "variable": "$code" } ], "operation": "AND", "type": "group" } } ], "ExploitSteps": null, "Tags": null, "CVEIDs": [ "CVE-2011-3923" ], "CVSSScore": "9.8", "AttackSurfaces": { "Application": null, "Support": null, "Service": null, "System": null, "Hardware": null }, "Disable": false }