Struts 2 DefaultActionMapper Interactive Shell Exploit for CVE-2013-225 [S2-016]

PentestinGxRoot/ShellEvil

ShellEvil

  • Jonatas Fil (Dkr)
  • Julio Della Flora
  • Thiago Sena (THX)

Struts 2 DefaultActionMapper Interactive Shell Exploit for CVE-2013-225 [S2-016]

The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms.

https://struts.apache.org/docs/s2-016.html
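
A defender-side check for the mechanism described above, as an added example that is not part of ShellEvil or the original README: it flags access-log requests whose query parameter names begin with these prefixes, and separates plain navigation targets from ones carrying an OGNL expression delimiter. The log lines, addresses and the `EXPR` placeholder are constructed, and `redirectAction:` is included because the S2-016 advisory lists it alongside the two prefixes named here.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Prefixes handled by DefaultActionMapper; "redirectAction:" is taken from
# the S2-016 advisory, the other two from the paragraph above.
PREFIXES = ("action:", "redirect:", "redirectAction:")
# OGNL expression delimiters ("${" or "%{") once the text is URL-decoded.
EXPR = re.compile(r"[$%]\{")
# Request field of a common/combined access-log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log: documentation addresses, EXPR is a placeholder.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2013:10:00:01 +0000] "GET /shop/list.action?page=2 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Aug/2013:10:00:05 +0000] "GET /shop/save.action?action:cancel HTTP/1.1" 302 0
198.51.100.9 - - [01/Aug/2013:10:02:11 +0000] "GET /shop/list.action?redirect:%24%7BEXPR%7D HTTP/1.1" 302 0
198.51.100.9 - - [01/Aug/2013:10:02:12 +0000] "GET /shop/list.action?redirectAction:%2525%257BEXPR%257D HTTP/1.1" 200 17
"""

def classify(target):
    """Return None, 'prefix' or 'expression' for one request target."""
    verdict = None
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    for name, value in pairs:
        if not name.startswith(PREFIXES):
            continue
        # parse_qsl decoded once; decode again to catch double encoding.
        if EXPR.search(unquote(name + "=" + value)):
            return "expression"
        verdict = "prefix"  # legitimate button navigation looks like this
    return verdict

def scan(log_text):
    """Return (client, verdict, target) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        verdict = classify(match.group(1)) if match else None
        if verdict:
            hits.append((line.split()[0], verdict, match.group(1)))
    return hits

if __name__ == "__main__":
    for client, verdict, target in scan(SAMPLE_LOG):
        print(f"{verdict:<10} {client:<14} {target}")
```

Access logs record only the request line, so the same parameters sent in a POST body need request-body logging or a WAF rule to be seen.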

Usage: python pwn.py http://site.com:8080/xxx.action

Demo

[Demo screenshot] (Porsche owned :p)
