openkylin
/
openkylin-exploit-db
mirror of https://gitee.com/openkylin/openkylin-exploit-db.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
openkylin-exploit-db/cve/apache-Struts/2019/CVE-2019-0230
History
fanyunpeng ab87e3aef5
poc 
Signed-off-by: fanyunpeng <cn_2023@buaa.edu.cn>
 		2023-03-16 09:13:58 +00:00
..
CVE-2019-0230.py poc 2023-03-16 09:13:58 +00:00
README.md add cve/apache-Struts/2019/CVE-2019-0230/README.md. 2023-03-16 09:13:36 +00:00

README.md

Apache Struts 2.5.20 - Double OGNL evaluation

Exploit Author: Lucas Souza https://lsass.io
Vendor Homepage: https://apache.org/
Version: 2.4.49
Tested on: 2.4.49
CVE : CVE-2019-0230
Credits: Ash Daulton and the cPanel Security Team

Usage

python CVE-2019-0230.py  + 
-target   : Target address
-command  : Command to execute
-debug    : Enable debugging
-proxy    : Enable proxy

reference

http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html
http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
https://cwiki.apache.org/confluence/display/ww/s2-059
https://launchpad.support.sap.com/#/notes/2982840
https://www.oracle.com/security-alerts/cpujan2021.html