cve/2016/CVE-2016-3081.md

### [CVE-2016-3081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3081)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.

### POC

#### Reference
- http://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/91787
- https://www.exploit-db.com/exploits/39756/

#### Github
- https://github.com/0day666/Vulnerability-verification
- https://github.com/20142995/Goby
- https://github.com/20142995/pocsuite3
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/HimmelAward/Goby_POC
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Z0fhack/Goby_POC
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/fupinglee/Struts2_Bugs
- https://github.com/ice0bear14h/struts2scan
- https://github.com/ilmila/J2EEScan
- https://github.com/jooeji/PyEXP
- https://github.com/k3rw1n/S02-32-POC
- https://github.com/linchong-cmd/BugLists
- https://github.com/nikamajinkya/Sn1p3r
- https://github.com/ronoski/j2ee-rscan
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/wangeradd1/MyPyExploit
- https://github.com/whoadmin/pocs
- https://github.com/woods-sega/woodswiki
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2016-3081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3081)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.html`
			`- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html`
			`- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html`
			`- http://www.securityfocus.com/bid/91787`
			`- https://www.exploit-db.com/exploits/39756/`

			`#### Github`
			`- https://github.com/0day666/Vulnerability-verification`
			`- https://github.com/20142995/Goby`
			`- https://github.com/20142995/pocsuite3`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/ARPSyndicate/kenzer-templates`
			`- https://github.com/Elsfa7-110/kenzer-templates`
			`- https://github.com/HimmelAward/Goby_POC`
			`- https://github.com/SexyBeast233/SecBooks`
			`- https://github.com/Threekiii/Awesome-POC`
			`- https://github.com/Threekiii/Vulhub-Reproduce`
			`- https://github.com/Z0fhack/Goby_POC`
			`- https://github.com/Zero094/Vulnerability-verification`
			`- https://github.com/bakery312/Vulhub-Reproduce`
			`- https://github.com/fupinglee/Struts2_Bugs`
			`- https://github.com/ice0bear14h/struts2scan`
			`- https://github.com/ilmila/J2EEScan`
			`- https://github.com/jooeji/PyEXP`
			`- https://github.com/k3rw1n/S02-32-POC`
			`- https://github.com/linchong-cmd/BugLists`
			`- https://github.com/nikamajinkya/Sn1p3r`
			`- https://github.com/ronoski/j2ee-rscan`
			`- https://github.com/superlink996/chunqiuyunjingbachang`
			`- https://github.com/wangeradd1/MyPyExploit`
			`- https://github.com/whoadmin/pocs`
			`- https://github.com/woods-sega/woodswiki`