
CVE-2014-0114 PoC — Apache Struts Input Validation Error Vulnerability

Associated Vulnerability
Title: Apache Struts Input Validation Error Vulnerability (CVE-2014-0114)
Description: Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Description
A request parameter filter solution for Struts 1 CVE-2014-0114 based on the work of Alvaro Munoz and the HP Fortify team
Readme
struts1filter
=============

A request parameter filter solution for [Apache Struts 1](http://struts.apache.org/) [CVE-2014-0114](https://issues.apache.org/jira/browse/STR-3220) based on the work of [Alvaro Munoz and the HP Fortify team](http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.VDqkCdTLeT4).

To use this filter, add the following filter declaration along with appropriate mapping to the web.xml descriptor
of the Apache Struts 1 application to protect:

```
<filter>
    <filter-name>ParamWrapperFilter</filter-name>
    <filter-class>net.rgielen.struts1.filter.ParamWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ParamWrapperFilter</filter-name>
    <servlet-name>YOUR ACTION SERVLET</servlet-name>
</filter-mapping>
```

The filter comes with a default regular expression that matches harmful parameter names (those reaching the `class` property, and through it the ClassLoader).
It may be overridden by explicit configuration:

```
<filter>
    <filter-name>ParamWrapperFilter</filter-name>
    <filter-class>net.rgielen.struts1.filter.ParamWrapperFilter</filter-class>
    <init-param>
        <param-name>excludeParams</param-name>
        <param-value>(.*\.|^|.*|\[('|"))(c|C)lass(\.|('|")]|\[).*</param-value>
    </init-param>
</filter>
...
```
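The following is an added example, not the struts1filter project's own `ParamWrapperFilter`, showing how such a request parameter filter works: a servlet `Filter` wraps the incoming request so that every parameter accessor (`getParameter`, `getParameterValues`, `getParameterNames`, `getParameterMap`) hides names matching the exclusion regex, which means Struts 1's `BeanUtils.populate()` never sees a `class.classLoader...` style name. It uses the same default pattern shown in the README and the same `excludeParams` init-param name; the class name `ExcludeParamsFilter` and the sample parameter names in `main` are constructed for illustration. It assumes the `javax.servlet` API (Servlet 2.5 or later) on the classpath.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Added example (hypothetical class, not the project's ParamWrapperFilter):
// drops request parameters whose names match an exclusion regex before the
// application (and Struts 1's BeanUtils.populate()) can see them.
public class ExcludeParamsFilter implements Filter {

    /** Same default pattern the README shows (from the HP Fortify write-up). */
    static final String DEFAULT_EXCLUDE =
        "(.*\\.|^|.*|\\[('|\"))(c|C)lass(\\.|('|\")]|\\[).*";

    private Pattern exclude;

    public void init(FilterConfig config) throws ServletException {
        // Optional override via <init-param> excludeParams, as in the README.
        String regex = config.getInitParameter("excludeParams");
        exclude = Pattern.compile(regex != null ? regex : DEFAULT_EXCLUDE);
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            req = new ExcludingRequest((HttpServletRequest) req, exclude);
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }

    /** True when the whole parameter name matches the exclusion pattern. */
    static boolean isExcluded(Pattern p, String name) {
        return p.matcher(name).matches();
    }

    /** Wrapper that removes excluded names from every parameter accessor. */
    static class ExcludingRequest extends HttpServletRequestWrapper {
        private final Map<String, String[]> params = new LinkedHashMap<String, String[]>();

        ExcludingRequest(HttpServletRequest request, Pattern exclude) {
            super(request);
            // Copy only the allowed entries; the original map stays untouched.
            Map<?, ?> original = request.getParameterMap();
            for (Map.Entry<?, ?> e : original.entrySet()) {
                String name = (String) e.getKey();
                if (!isExcluded(exclude, name)) {
                    params.put(name, (String[]) e.getValue());
                }
            }
        }

        @Override public String getParameter(String name) {
            String[] v = params.get(name);
            return v == null || v.length == 0 ? null : v[0];
        }
        @Override public String[] getParameterValues(String name) {
            return params.get(name);
        }
        @Override public Enumeration<String> getParameterNames() {
            return Collections.enumeration(params.keySet());
        }
        @Override public Map<String, String[]> getParameterMap() {
            return Collections.unmodifiableMap(params);
        }
    }

    /** Stand-alone check of the default pattern against constructed names. */
    public static void main(String[] args) {
        Pattern p = Pattern.compile(DEFAULT_EXCLUDE);
        String[] names = { "class.classLoader.URLs[0]", "form['class'].x",
                           "user.name", "className" };
        for (String n : names) {
            System.out.println(n + " -> " + (isExcluded(p, n) ? "dropped" : "kept"));
        }
    }
}
```

Because the pattern is applied with `matches()`, it must cover the whole name: `class.classLoader.URLs[0]` and `form['class'].x` are dropped, while `user.name` and `className` (no `.`, `']` or `[` after `class`) are kept, so ordinary form properties are unaffected. The filter is mapped to the action servlet exactly as the README's first `web.xml` fragment shows; the action servlet then only ever sees the sanitised parameter map.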

The filter is released to Maven Central. Use the following Maven dependency declaration to incorporate it in your project
(adapt accordingly for Ivy, Gradle and SBT):
```
<dependency>
    <groupId>net.rgielen</groupId>
    <artifactId>struts1filter</artifactId>
    <version>1.0.0</version>
</dependency>
```
It can also be downloaded directly. Use [the Central Repository Search](http://search.maven.org/) with the coordinates
provided above to find and download the jar.
File Snapshot

```
[4.0K] /data/pocs/1e2a9d6ec0326548362996ba04d66230360d3740
├── [ 11K] LICENSE
├── [4.2K] pom.xml
├── [1.7K] README.md
└── [4.0K] src
    └── [4.0K] main
        └── [4.0K] java
            └── [4.0K] net
                └── [4.0K] rgielen
                    └── [4.0K] struts1
                        └── [4.0K] filter
                            └── [7.4K] ParamWrapperFilter.java

7 directories, 4 files
```