CVE-2010-1870 PoC — Apache Atlassian Fisheye Struts Xwork设计错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2010/CVE-2010-1870.yaml

Associated Vulnerability

Title:Apache Atlassian Fisheye Struts Xwork设计错误漏洞 (CVE-2010-1870)
Description:XWork是一个命令模式框架，用于支持Struts 2及其他应用。在Atlassian Fisheye，Crucible和其他产品中使用的Struts 2.0.0至2.1.8.1版本中的Xwork中的OGNL表达式赋值功能使用许可的白名单，远程攻击者可以借助(1)#context，(2)#_memberAccess，(3)#root，(4)#this，(5)#_typeResolver，(6)#_classResolver，(7)#_traceEvaluations，(8)#_lastEvaluatio

Description

A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8.

File Snapshot


 id: CVE-2010-1870

info:
  name: ListSERV Maestro <= 9.0-8 RCE
  author: b0yd
  severity: medium
  d

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!