.. / CVE-2013-2251

Exploit for Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (CVE-2013-2251)

Description:

In Struts 2 before 2.3.15.1 the information following “action:”, “redirect:”, or “redirectAction:” is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility to inject server side code.

Nuclei Template

View the template here CVE-2013-2251.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2013/CVE-2013-2251.yaml

References:

http://cxsecurity.com/issue/WLB-2014010087
https://cwiki.apache.org/confluence/display/WW/S2-016
http://struts.apache.org/release/2.3.x/docs/s2-016.html
https://nvd.nist.gov/vuln/detail/CVE-2013-2251
http://archiva.apache.org/security.html

.. / CVE-2013-2251 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (CVE-2013-2251)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2013-2251