add cve/apache-Struts/2019/CVE-2019-0230/README.md.

Signed-off-by: fanyunpeng <cn_2023@buaa.edu.cn>
2023-03-16 09:13:36 +00:00 · 2023-03-16 09:13:36 +00:00 · f52141ccef
parent 6aa3620024
commit f52141ccef
1 changed files with 21 additions and 0 deletions
--- a/cve/apache-Struts/2019/CVE-2019-0230/README.md
+++ b/cve/apache-Struts/2019/CVE-2019-0230/README.md
@ -0,0 +1,21 @@
+# Apache Struts 2.5.20 - Double OGNL evaluation  
+Exploit Author: Lucas Souza https://lsass.io  
+Vendor Homepage:  https://apache.org/  
+Version: 2.4.49  
+Tested on: 2.4.49  
+CVE : CVE-2019-0230  
+Credits: Ash Daulton and the cPanel Security Team  
+# Usage
+```
+python CVE-2019-0230.py  + 
+-target   : Target address
+-command  : Command to execute
+-debug    : Enable debugging
+-proxy    : Enable proxy
+```
+# reference
+http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html  
+http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html  
+https://cwiki.apache.org/confluence/display/ww/s2-059  
+https://launchpad.support.sap.com/#/notes/2982840  
+https://www.oracle.com/security-alerts/cpujan2021.html