cve/CVE-2016-0785.md at d265b01db84ea263ae08fa7d2c08cb82387c2083

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 03:02:30 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

832 B

Raw Blame History

CVE-2016-0785

Description

Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.

POC

Reference

No PoCs from references.

Github

https://github.com/20142995/pocsuite3
https://github.com/ARPSyndicate/cvemon
https://github.com/SexyBeast233/SecBooks
https://github.com/ice0bear14h/struts2scan
https://github.com/superlink996/chunqiuyunjingbachang
https://github.com/woods-sega/woodswiki

832 B Raw Blame History

CVE-2016-0785

Description

POC

Reference

Github

832 B

Raw Blame History