Application Details
Apache Struts2 is an open-source web application framework for developing Java EE web applications.
Vulnerability
Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the handling of file upload parameters, which, if manipulated, can lead to unauthorised path traversal.
Identification
By uploading a specially crafted archive file containing "dot dot" sequences (/../), an attacker could exploit this vulnerability to execute arbitrary code on the system.
POST /testing.cfc?method=foo&_cfclient=true
PAYLOAD -
------WebKitFormBoundaryDTi01np839cabHwj
Content-Disposition: form-data; name="Upload"; filename="1.txt"
Content-Type: text/plain
<jsp>....</jsp>
------WebKitFormBoundaryDTi01np839cabHwj
Content-Disposition: form-data; name="uploadFileName";
../../shell.jsp
------WebKitFormBoundaryDTi01np839cabHwj
Detection
By turning this into a traffic file and matching rule, we are able to detect attempts to execute arbitrary code on the system.
Coverage
Idappcom have created signature 8024467 along with a traffic file for this vulnerability.
References
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional
Comments