mirror of https://github.com/qwqdanchun/Goby.git
{
"Name": "XWork 'ParameterInterceptor' Class OGNL (CVE-2010-1870) Security Bypass Vulnerability",
"Description": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.",
"Product": "Struts2",
"Homepage": "http://struts.apache.org/",
"DisclosureDate": "2010-08-17",
"Author": "guanshanqiu@zju.edu.cn",
"FofaQuery": "url_ext=action || url_ext=do",
"GobyQuery": "",
"Level": "3",
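"Impact": "<p>The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors. Because the expression is evaluated on the server, the practical impact is remote code execution without authentication, matching this entry's rce and unauthorized tags.</p>",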
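"Recommendation": "<p>Upgrade Struts beyond the affected 2.0.0 through 2.1.8.1 range; the vendor advisory S2-005 (http://struts.apache.org/2.2.1/docs/s2-005.html) is published with the 2.2.1 documentation. The scan step in this entry only checks that GET / returns 200, so confirm the deployed Struts/XWork version before treating a match as a finding.</p>",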
"References": null,
"RealReferences": [
"http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html",
"http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16",
"http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html",
"http://seclists.org/fulldisclosure/2010/Jul/183",
"http://seclists.org/fulldisclosure/2020/Oct/23",
"http://securityreason.com/securityalert/8345",
"http://struts.apache.org/2.2.1/docs/s2-005.html",
"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2",
"http://www.exploit-db.com/exploits/14360",
"http://www.securityfocus.com/bid/41592",
"https://nvd.nist.gov/vuln/detail/CVE-2010-1870",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1870"
],
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "whoami"
}
],
"ScanSteps": [
"AND",
{
"Request": {
"data": "",
"data_type": "text",
"follow_redirect": true,
"method": "GET",
"uri": "/"
},
"ResponseTest": {
"checks": [
{
"bz": "",
"operation": "==",
"type": "item",
"value": "200",
"variable": "$code"
}
],
"operation": "AND",
"type": "group"
}
}
],
"ExploitSteps": null,
"Tags": ["rce", "unauthorized"],
"CVEIDs": [
"CVE-2010-1870"
],
"CVSSScore": "5.0",
"AttackSurfaces": {
"Application": null,
"Support": ["struts"],
"Service": null,
"System": null,
"Hardware": null
},
"Disable": false
}