module
Apache Struts ClassLoader Manipulation Remote Code Execution
| Disclosed | Created |
|---|---|
| 2014-03-06 | 2018-05-30 |
Disclosed
2014-03-06
Created
2018-05-30
Description
This module exploits a remote command execution vulnerability in Apache Struts versions
1.x ( the ActionForm bean population mechanism while in case of Struts 2.x the vulnerability is due
to the ParametersInterceptor. Both allow access to 'class' parameter that is directly
mapped to getClass() method and allows ClassLoader manipulation. As a result, this can
allow remote attackers to execute arbitrary Java code via crafted parameters.
1.x ( the ActionForm bean population mechanism while in case of Struts 2.x the vulnerability is due
to the ParametersInterceptor. Both allow access to 'class' parameter that is directly
mapped to getClass() method and allows ClassLoader manipulation. As a result, this can
allow remote attackers to execute arbitrary Java code via crafted parameters.
Authors
Mark Thomas
Przemyslaw Celej
Redsadic julian.vilas@gmail.com
Matthew Hall hallm@sec-1.com
Przemyslaw Celej
Redsadic julian.vilas@gmail.com
Matthew Hall hallm@sec-1.com
Platform
Linux,Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.