CVE-2020-17530

Description

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.

NVD
Severity: CRITICAL
CVE ID: CVE-2020-17530
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2020-17530
ka1n4t

Reference: GitHub

wuzuowei

S2-061 payload, with a corresponding simple PoC/Exp

Reference: GitHub

Al1ex

S2-061 CVE-2020-17530

Reference: GitHub

fengziHK

CVE-2020-17530-strust2-061

Reference: GitHub

ludy-dev

(cve-2020-17530) struts2_s2-061 freemarker_RCE testscript

Reference: GitHub

CyborgSecurity

Reference: GitHub

uzzzval

Reference: GitHub

killmonday

Reference: GitHub

keyuan15

Struts2 S2-061 remote command execution vulnerability (CVE-2020-17530)

Reference: GitHub

nth347

Vulnerable environment of CVE-2020-17530 (S2-061) for testing

Reference: GitHub

Content on GitHub

phil-fly | watchers:4

CVE-2020-17530
hack,poc

Reference: GitHub

pangyu360es | watchers:1

CVE-2020-17530
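The Apache Struts2 framework is a web framework for developing Java EE web applications. On December 8, 2020, Apache Struts disclosed S2-061, a Struts remote code execution vulnerability (CVE-2020-17530): when certain tags are used, an OGNL expression injection vulnerability may exist, leading to remote code execution, which poses a very high risk. Apache Struts users at our school are reminded to take security measures as soon as possible to block exploitation of the vulnerability.

Reference: GitHub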

gh0st27 | watchers:1

Struts2Scanner
Struts2Scanner is a vulnerability scanner to find out if a target endpoint is vulnerable to Remote Code Execution.

Reference: GitHub

154802388 | watchers:0

CVE-2020-17531
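The Apache Struts2 framework is a web framework for developing Java EE web applications. On December 8, 2020, Apache Struts disclosed S2-061, a Struts remote code execution vulnerability (CVE-2020-17530): when certain tags are used, an OGNL expression injection vulnerability may exist, leading to remote code execution, which poses a very high risk. Apache Struts users at our school are reminded to take security measures as soon as possible to block exploitation of the vulnerability.

Reference: GitHub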