Name | wp_struts2_cmdexec2 |
CVE | CVE-2011-3923 |
Exploit Pack | White_Phosphorus |
Description | Apache Struts2 ParameterInterceptor Class OGNL Remote Command Execution |
Notes | VENDOR: Apache
Notes: Module basepath param requires full path to action and attribute, e.g. /struts2/example/vulnerable.action?attribute
This module has five unique payloads.
Payloads:
0: Execute Command (blind). This will execute a command on the server, but you will see no response.
1: Execute Command (nc pipe). This will execute a command on the server, and try to pipe the results back to the specified DataPort.
2: TCP Connect Back (nc -e). This will attempt to spawn a connect back shell using nc with the -e option to the specified DataPort.
3: TCP Connect Back Drop Trojan. This will attempt to connect back to the specified DataPort and upload a Mosdef trojan which will connect back.
4: Create Web Shell. This is the best option and will upload a webshell and copy it to all the webroots it can find.
Repeatability: Unlimited
References: http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3923
Date public: 2012-01-22
CVE: CVE-2011-3923 |
Learn more about the CANVAS Exploit Pack here: White_Phosphorus |