11 lines
No EOL
469 B
Text
11 lines
No EOL
469 B
Text
source: http://www.securityfocus.com/bid/60345/info
|
|
|
|
Apache Struts is prone to a remote OGNL expression injection vulnerability.
|
|
|
|
Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of the application.
|
|
|
|
Apache Struts 2.0.0 through versions 2.3.14.3 are vulnerable.
|
|
|
|
http://www.example.com/example/%24%7B%23foo%3D%27Menu%27%2C%23foo%7D
|
|
|
|
http://www.example.com/example/${#foo='Menu',#foo} |