CVE-2007-4556 PoC — XWork AltSyntax功能OGNL命令注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2007/CVE-2007-4556.yaml

Associated Vulnerability

Title:XWork AltSyntax功能OGNL命令注入漏洞 (CVE-2007-4556)
Description:"XWork是一个命令模式框架，用于支持Struts 2及其他应用。如果启用了altSyntax功能的话，XWork就允许向文本字符串中注入OGNL表达式并递归的处理。远程攻击者可以通过HTML文本字段提交字符串，并在其中包含OGNL表达式，如果表单验证失败的话就会执行该表达式。例如，如果以下表单要求phoneNumber字段为非空的话： <s:form action="editUser"> <s:textfield name="name" /> <s:textfield name="phoneNumb

Description

Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character.

File Snapshot


 id: CVE-2007-4556

info:
  name: OpenSymphony XWork/Apache Struts2 - Remote Code Execution
  author:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!