### [CVE-2020-17530](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17530)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Struts&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution&color=brighgreen)

### Description

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.

### POC

#### Reference
- http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html

#### Github
- https://github.com/0day666/Vulnerability-verification
- https://github.com/154802388/CVE-2020-17531
- https://github.com/20142995/Goby
- https://github.com/3SsFuck/CVE-2021-31805-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Al1ex/CVE-2020-17530
- https://github.com/CyborgSecurity/CVE-2020-17530
- https://github.com/EdgeSecurityTeam/Vulnerability
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/EvilPulsar/S2-061
- https://github.com/HimmelAward/Goby_POC
- https://github.com/IkerSaint/VULNAPP-vulnerable-app
- https://github.com/Live-Hack-CVE/CVE-2020-1753
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/NetW0rK1le3r/awesome-hacking-lists
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/QmF0c3UK/Struts_061
- https://github.com/SYRTI/POC_to_review
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Shadowven/Vulnerability_Reproduction
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/WhooAmii/POC_to_review
- https://github.com/Wrin9/CVE-2021-31805
- https://github.com/Xuyan-cmd/Network-security-attack-and-defense-practice
- https://github.com/Z0fhack/Goby_POC
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/alexfrancow/CVE-Search
- https://github.com/apachecn-archive/Middleware-Vulnerability-detection
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/cuclizihan/group_wuhuangwansui
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/fengziHK/CVE-2020-17530-strust2-061
- https://github.com/fleabane1/CVE-2021-31805-POC
- https://github.com/gh0st27/Struts2Scanner
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/huike007/penetration_poc
- https://github.com/ice0bear14h/struts2scan
- https://github.com/jeansgit/Pentest
- https://github.com/ka1n4t/CVE-2020-17530
- https://github.com/keyuan15/CVE-2020-17530
- https://github.com/killmonday/CVE-2020-17530-s2-061
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
- https://github.com/lucksec/S2-62poc
- https://github.com/ludy-dev/freemarker_RCE_struts2_s2-061
- https://github.com/merlinepedra/nuclei-templates
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nth347/CVE-2020-17530
- https://github.com/pangyu360es/CVE-2020-17530
- https://github.com/pctF/vulnerable-app
- https://github.com/phil-fly/CVE-2020-17530
- https://github.com/readloud/Awesome-Stars
- https://github.com/sobinge/nuclei-templates
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/trganda/starrlist
- https://github.com/trhacknon/Pocingit
- https://github.com/tzwlhack/Vulnerability
- https://github.com/uzzzval/CVE-2020-17530
- https://github.com/whale-baby/exploitation-of-vulnerability
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/woods-sega/woodswiki
- https://github.com/wuzuowei/CVE-2020-17530
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/z92g/CVE-2021-31805
- https://github.com/zecool/cve