CVE-2012-1592

HIGH

Apache Struts 2.0-2.5.22 - Unrestricted Upload of File with Dangerous Type via Malformed XSLT Processing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1592. PoCs published by voidloafer.

AI-analyzed exploit summary: This exploit leverages a remote arbitrary file-upload vulnerability in Apache Struts2 by using OGNL injection to execute arbitrary commands (e.g., 'calc') via an XSL stylesheet. The vulnerability arises from insufficient input sanitization, allowing attackers to run code in the context of the webserver process.

Description

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by voidloafer · xml, webapps, java
https://www.exploit-db.com/exploits/37009

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Apache Struts2 (versions affected by CVE-2012-1592)
Authentication: No auth needed
Prerequisites: Access to a vulnerable Struts2 application with file upload functionality
Analysis: devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0059
EPSS Percentile 69.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-434
Status: published
Products (2):
apache/struts 2.0.0
org.apache.struts/struts2-core 2.0 - 2.5.22 (Maven)
Published Dec 05, 2019
Tracked Since Feb 18, 2026