Apache Struts 2.0.0-2.5.29 - Remote Code Execution via Forced OGNL Evaluation
Exploitation Summary
CVE-2021-31805 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 10 public exploits from researchers including pyroxenites, Wrin9, jax7sec. A Nuclei detection template is also available.
AI-analyzed exploit summary: This repository contains a functional exploit PoC for CVE-2021-31805, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands, demonstrated via DNS exfiltration and direct command execution payloads.
Description
The fix issued for CVE-2020-17530 was incomplete. In Apache Struts 2.0.0 through 2.5.29, some tag attributes could still be evaluated twice when a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to remote code execution and security degradation.
Exploits (10)
This repository contains a functional exploit PoC for CVE-2021-31805, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands, demonstrated via DNS exfiltration and direct command execution payloads.
This repository contains a functional exploit for CVE-2021-31805, a remote code execution vulnerability in Apache Struts2 due to incomplete OGNL expression filtering. The PoC leverages a crafted multipart/form-data payload to execute arbitrary commands via OGNL injection.
This repository contains a functional exploit for CVE-2021-31805, an RCE vulnerability in Apache Struts2 (S2-062). The exploit leverages OGNL injection via a crafted multipart form-data payload to execute arbitrary commands on the target system.
This repository contains functional exploit code for CVE-2021-31805, an Apache Struts2 S2-062 remote code execution vulnerability. The exploit leverages OGNL injection to execute arbitrary commands via a crafted multipart/form-data payload.
This repository contains a functional exploit for CVE-2021-31805, a Struts2 remote command execution vulnerability. The tool supports both DNS-based and direct command execution checks, with payloads tailored for S2-061 and S2-062 vulnerabilities.
This repository provides a functional Dockerized environment for exploiting CVE-2021-31805, an OGNL injection vulnerability in Apache Struts2. The PoC demonstrates arbitrary file deletion via crafted OGNL expressions in the `skillName` parameter.
This repository contains a functional exploit PoC for CVE-2021-31805, an Apache Struts2 RCE vulnerability caused by incomplete OGNL evaluation fixes. The script sends a crafted multipart request with OGNL payloads to trigger remote code execution via freemarker.template.utility.Execute.
The repository contains minimal Java code for a Tomcat setup and a basic Struts action class, but lacks any exploit logic or demonstration of CVE-2021-31805. No malicious or functional exploit code is present.
This repository contains a functional exploit PoC for CVE-2021-31805, an Apache Struts2 RCE vulnerability caused by incomplete OGNL evaluation fixes. The script sends a crafted multipart request with OGNL payloads to trigger remote code execution.
This repository contains functional exploit code for CVE-2021-31805, an Apache Struts2 S2-062 remote code execution vulnerability. The exploit leverages OGNL injection to execute arbitrary commands on the target system, including command execution and reverse shell capabilities.
Nuclei Templates (1)
http.html:"apache struts" || http.title:"struts2 showcase" || http.html:"struts problem report"
body="struts problem report" || title="struts2 showcase" || body="apache struts"
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H