CVE-2008-6504

OpenSymphony XWork 2.0.x < 2.0.6 and 2.1.x < 2.1.2 - Remote Code Execution via OGNL Context Object Reference

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6504. PoCs published by Meder Kydyraliev.

AI-analyzed exploit summary: This exploit leverages a security-bypass vulnerability in XWork by manipulating server-side context objects through crafted input. It demonstrates setting a session variable to an arbitrary value, potentially compromising the application.

Description

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Meder Kydyraliev · text · remote · multiple
https://www.exploit-db.com/exploits/32564

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: XWork < 2.0.6, Struts 2.0.0 - 2.0.11.2
No auth needed
Prerequisites: Access to a vulnerable XWork/Struts application
devstral-2 · analyzed Feb 16, 2026

References (11)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46328
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32495
Patch x_refsource_confirm
http://fisheye6.atlassian.com/cru/CR-9/
Exploit x_refsource_confirm
http://struts.apache.org/2.x/docs/s2-003.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3003
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3004
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32101
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32497
Exploit x_refsource_confirm
http://jira.opensymphony.com/browse/XW-641
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/49732

Scores

EPSS 0.6512
EPSS Percentile 98.5%

Details

CWE: CWE-20
Status: published
Products (21)
apache/struts 2.0.0
apache/struts 2.0.2
apache/struts 2.0.3
apache/struts 2.0.4
apache/struts 2.0.5
apache/struts 2.0.6
apache/struts 2.0.7
apache/struts 2.0.8
apache/struts 2.0.9
apache/struts 2.0.11
... and 11 more
Published Mar 23, 2009
Tracked Since Feb 18, 2026