CVE-2021-31805 PoC — Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.

Source

https://github.com/JordanANDJohn/CVE-2021-31805-POC

Associated Vulnerability

Title:Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE. (CVE-2021-31805)
Description:The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

Description

Apache Struts2 S2-062(CVE-2021-31805)远程代码执行批量检测（无利用）

Readme

# CVE-2021-31805-POC
漏洞信息
Apache Struts 是一个免费的开源 MVC 框架，用于创建优雅的现代 Java Web 应用程序。它支持约定优于配置，可使用插件架构进行扩展，并附带支持 REST、AJAX 和 JSON 的插件。
近日Apache官方公布S2-062远程代码执行漏洞安全公告，漏洞编号为 CVE-2021-31805：

针对 CVE-2020-17530 发布的修复不完整。因此，从 Apache Struts 2.0.0 到 2.5.29，如果开发人员通过使用 %{…} 语法应用强制 OGNL 评估，仍然有一些标签的属性可以执行双重评估。对不受信任的用户输入使用强制 OGNL 评估可能会导致远程代码执行漏洞。
其中漏洞编号CVE-2022-22954影响版本如下：
Struts 2.0.0 - Struts 2.5.29

File Snapshot


 [4.0K]  /data/pocs/a54030fb86b2a0c2ee381449d5ed3d77befb79d7
├── [2.7K]  CVE-2021-31805-POC.py
└── [ 761]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!