Exploit for Apache Struts 2.0.0-2.5.25 - Remote Code Execution (CVE-2020-17530)

Description:

Apache Struts 2.0.0 through 2.5.25 is susceptible to remote code execution: forced OGNL evaluation, when applied to raw user input in tag attributes, may allow an attacker to execute code on the server.

Nuclei Template

View the template here: CVE-2020-17530.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-17530.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-17530
https://security.netapp.com/advisory/ntap-20210115-0005/
http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
https://cwiki.apache.org/confluence/display/WW/S2-061
http://jvn.jp/en/jp/JVN43969166/index.html