CVE-2005-3745

Apache Struts 1.2.7 - Cross-Site Scripting via Query String in Error Message

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3745, a PoC published by Irene Abezgauz.

AI-analyzed exploit summary: a reflected cross-site scripting (XSS) flaw in Apache Struts, where attacker-controlled query-string input is copied into a request-handler error message without HTML encoding. The PoC is a crafted URL whose script payload is echoed back and executes in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message. Because the payload travels in the URL and is reflected in the response, no authentication is required; the attacker only needs a victim to follow the crafted link.
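The following is an added example, not code from Struts or from the advisory: a stand-in for a request handler that echoes the query string into an error message (the vulnerable pattern), the same handler with HTML entity encoding applied (the fix), and the canary probe a tester would use to confirm whether the reflection is raw or encoded. The function names, the error-message wording and the canary string are assumptions for illustration; the real Struts message text is not reproduced here.

```python
"""Reflected XSS via query string in an error message: vulnerable vs hardened
rendering, plus a reflection probe. Added example, not Struts code."""
import html
from urllib.parse import quote, unquote

# Constructed probe: a canary that breaks out of an attribute/tag context if it
# survives unencoded, but is inert if entity-encoded. Not an exploit payload.
CANARY = '"><zz1>'


def vulnerable_error_page(raw_query: str) -> str:
    """Stand-in for the flawed handler: the (URL-decoded) query string is
    concatenated verbatim into the error message (assumed wording)."""
    decoded = unquote(raw_query)
    return (
        "<html><body><h1>Error</h1>"
        f"<p>No action mapped for request: /app/do.action?{decoded}</p>"
        "</body></html>"
    )


def hardened_error_page(raw_query: str) -> str:
    """Same message, with the attacker-controlled part HTML-entity-encoded
    (quote=True also encodes '\"' so attribute contexts are covered)."""
    decoded = unquote(raw_query)
    return (
        "<html><body><h1>Error</h1>"
        f"<p>No action mapped for request: /app/do.action?{html.escape(decoded, quote=True)}</p>"
        "</body></html>"
    )


def reflects_unescaped(body: str, canary: str = CANARY) -> bool:
    """True when the canary appears verbatim (unencoded) in the response body."""
    return canary in body


def reflects_encoded(body: str, canary: str = CANARY) -> bool:
    """True when the canary is present only in entity-encoded form."""
    return html.escape(canary, quote=True) in body and canary not in body


def probe(render) -> str:
    """Send the URL-encoded canary through a renderer and classify the result."""
    body = render(quote(CANARY))  # on the wire the canary is percent-encoded
    if reflects_unescaped(body):
        return "VULNERABLE: canary reflected unencoded"
    if reflects_encoded(body):
        return "OK: canary reflected with HTML entity encoding"
    return "NOT REFLECTED"


if __name__ == "__main__":
    for name, fn in (("vulnerable", vulnerable_error_page), ("hardened", hardened_error_page)):
        print(f"{name:10s} -> {probe(fn)}")
```

The probe deliberately uses a harmless canary rather than a `<script>` payload: what matters for confirming the bug is whether `"` and `>` come back unencoded in the error message, which is exactly what the hardened renderer prevents.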

Exploits (1)

exploitdb WRITEUP VERIFIED
by Irene Abezgauz · text · remote · multiple
https://www.exploit-db.com/exploits/26542

Classification
Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Apache Struts (version not specified)
Authentication: none needed
Prerequisites: a vulnerable version of Apache Struts · ability to craft a malicious URL
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

References (13)

Vendor Advisory (x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2006-0161.html
Third Party Advisory, VDB Entry (x_refsource_vupen): http://www.vupen.com/english/advisories/2005/2525
Third Party Advisory, VDB Entry (x_refsource_osvdb): http://www.osvdb.org/21021
Exploit, Patch, VDB Entry (x_refsource_bid): http://www.securityfocus.com/bid/15512
Exploit, Patch, Vendor Advisory (x_refsource_misc): http://www.hacktics.com/AdvStrutsNov05.html
Third Party Advisory, VDB Entry, Mailing List (x_refsource_bugtraq): http://www.securityfocus.com/archive/1/417296/30/0/threaded
Vendor Advisory (x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2006-0157.html
Third Party Advisory, VDB Entry (x_refsource_sectrack): http://securitytracker.com/id?1015257
Third Party Advisory (x_refsource_sreason): http://securityreason.com/securityalert/197
Third Party Advisory (x_refsource_secunia): http://secunia.com/advisories/17677
Third Party Advisory (x_refsource_secunia): http://secunia.com/advisories/18341

Scores

EPSS 0.5907 (percentile 98.3%)

Details

Status published
Products (2)
apache/struts 1.2.7
org.apache.struts/struts-core (Maven)
Published Nov 22, 2005
Tracked Since Feb 18, 2026