{ "Name": "Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability", "Description": "Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.", "Product": "Struts2", "Homepage": "http://struts.apache.org/", "DisclosureDate": "2013-07-10", "Author": "guanshanqiu@zju.edu.cn", "FofaQuery": "url_ext=action || url_ext=do", "GobyQuery": "", "Level": "3", "Impact": "

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.

", "Recommendation": "", "References": null, "RealReferences": [ "http://struts.apache.org/development/2.x/docs/s2-013.html", "http://www.securityfocus.com/bid/60166", "https://bugzilla.redhat.com/show_bug.cgi?id=967656", "https://cwiki.apache.org/confluence/display/WW/S2-013", "https://nvd.nist.gov/vuln/detail/CVE-2013-1966", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1966" ], "HasExp": true, "ExpParams": [ { "name": "cmd", "type": "input", "value": "whoami" } ], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "data": "", "data_type": "text", "follow_redirect": true, "method": "GET", "uri": "/" }, "ResponseTest": { "checks": [ { "bz": "", "operation": "==", "type": "item", "value": "200", "variable": "$code" } ], "operation": "AND", "type": "group" } } ], "ExploitSteps": null, "Tags": ["rce", "unauthorized"], "CVEIDs": [ "CVE-2013-1966" ], "CVSSScore": "9.3", "AttackSurfaces": { "Application": null, "Support": ["struts"], "Service": null, "System": null, "Hardware": null }, "Disable": false }