mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
CVE-2016-3081
Description
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via a method: prefix, related to chained expressions.
POC
Reference
- http://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/91787
- https://www.exploit-db.com/exploits/39756/
Github
- https://github.com/0day666/Vulnerability-verification
- https://github.com/20142995/Goby
- https://github.com/20142995/pocsuite3
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/HimmelAward/Goby_POC
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Z0fhack/Goby_POC
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/fupinglee/Struts2_Bugs
- https://github.com/ice0bear14h/struts2scan
- https://github.com/ilmila/J2EEScan
- https://github.com/jooeji/PyEXP
- https://github.com/k3rw1n/S02-32-POC
- https://github.com/linchong-cmd/BugLists
- https://github.com/nikamajinkya/Sn1p3r
- https://github.com/ronoski/j2ee-rscan
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/wangeradd1/MyPyExploit
- https://github.com/whoadmin/pocs
- https://github.com/woods-sega/woodswiki