Exploit for Apache Struts <=2.5.20 - Remote Code Execution (CVE-2019-0230)

Description:

In Apache Struts 2.0.0 to 2.5.20, forced double OGNL evaluation of tag attributes that contain raw user input may lead to remote code execution.

Nuclei Template

View the template here: CVE-2019-0230.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-0230.yaml

References:

https://cwiki.apache.org/confluence/display/ww/s2-059
http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html
https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2019-0230
https://cwiki.apache.org/confluence/display/WW/S2-059