Company of IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2020-17530

Description

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.

POC

Reference

- http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

- https://www.oracle.com//security-alerts/cpujul2021.html

- https://www.oracle.com/security-alerts/cpuApr2021.html

- https://www.oracle.com/security-alerts/cpuapr2022.html

- https://www.oracle.com/security-alerts/cpujan2021.html

- https://www.oracle.com/security-alerts/cpujan2022.html

- https://www.oracle.com/security-alerts/cpuoct2021.html

Github

- https://github.com/0day666/Vulnerability-verification

- https://github.com/154802388/CVE-2020-17531

- https://github.com/20142995/Goby

- https://github.com/20142995/nuclei-templates

- https://github.com/3SsFuck/CVE-2021-31805-POC

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/Al1ex/CVE-2020-17530

- https://github.com/Coldplay1517/Middleware-Vulnerability-detection-master

- https://github.com/CyborgSecurity/CVE-2020-17530

- https://github.com/EdgeSecurityTeam/Vulnerability

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/Elymaro/Struty

- https://github.com/EvilPulsar/S2-061

- https://github.com/HimmelAward/Goby_POC

- https://github.com/IkerSaint/VULNAPP-vulnerable-app

- https://github.com/JordanANDJohn/CVE-2021-31805-POC

- https://github.com/Lemoncchi/vuls-exp

- https://github.com/Live-Hack-CVE/CVE-2020-1753

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/NetW0rK1le3r/awesome-hacking-lists

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/QmF0c3UK/Struts_061

- https://github.com/SYRTI/POC_to_review

- https://github.com/SexyBeast233/SecBooks

- https://github.com/Shadowven/Vulnerability_Reproduction

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/Vulhub-Reproduce

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/WhooAmii/POC_to_review

- https://github.com/Wrin9/CVE-2021-31805

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/Xuyan-cmd/Network-security-attack-and-defense-practice

- https://github.com/Z0fhack/Goby_POC

- https://github.com/Zero094/Vulnerability-verification

- https://github.com/alexfrancow/CVE-Search

- https://github.com/apachecn-archive/Middleware-Vulnerability-detection

- https://github.com/bakery312/Vulhub-Reproduce

- https://github.com/brunsu/woodswiki

- https://github.com/cuclizihan/group_wuhuangwansui

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/fatkz/CVE-2020-17530

- https://github.com/fengziHK/CVE-2020-17530-strust2-061

- https://github.com/fleabane1/CVE-2021-31805-POC

- https://github.com/gh0st27/Struts2Scanner

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/huike007/penetration_poc

- https://github.com/huisetiankong478/penetration_poc

- https://github.com/ice0bear14h/struts2scan

- https://github.com/jeansgit/Pentest

- https://github.com/ka1n4t/CVE-2020-17530

- https://github.com/keyuan15/CVE-2020-17530

- https://github.com/killmonday/CVE-2020-17530-s2-061

- https://github.com/liaboveall/SecureGuard-WAF

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection

- https://github.com/lucksec/S2-62poc

- https://github.com/ludy-dev/freemarker_RCE_struts2_s2-061

- https://github.com/merlinepedra/nuclei-templates

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/nth347/CVE-2020-17530

- https://github.com/pangyu360es/CVE-2020-17530

- https://github.com/pctF/vulnerable-app

- https://github.com/phil-fly/CVE-2020-17530

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/readloud/Awesome-Stars

- https://github.com/secpool2000/CVE-2020-17530

- https://github.com/sobinge/nuclei-templates

- https://github.com/superlink996/chunqiuyunjingbachang

- https://github.com/tomtang77/sec-8b-instruct

- https://github.com/trganda/starrlist

- https://github.com/trhacknon/Pocingit

- https://github.com/tzwlhack/Vulnerability

- https://github.com/uzzzval/CVE-2020-17530

- https://github.com/whale-baby/exploitation-of-vulnerability

- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-

- https://github.com/woods-sega/woodswiki

- https://github.com/wuzuowei/CVE-2020-17530

- https://github.com/xuetusummer/Penetration_Testing_POC

- https://github.com/z92g/CVE-2021-31805

- https://github.com/zecool/cve