Feature Request - Apache Struts RCE CVE-2018-11776
Hello,
I was wondering if you might consider implementing a check for CVE-2018-11776? I did read what you said in #8 about being a lightweight scanner addon, but I figure since CVE-2018-11776 is another OGNL-related, simple payload it might not be that much work to implement?
An example exploit PoC can be found here. Or maybe an even better payload is just a simple addition injection one like in here ${(111+111)}, which gets executed and translated to 222. English translation.
Having this integrated into a Burp extension would be extremely valuable. The check for the older Struts vuln (CVE-2017-5638) has certainly helped me out. The problem with vulnerability scanners is they don’t typically also crawl and if they do, it’s not deep. Where the check for CVE-2017-5638 has come in handy is for complex sites that have applications nested way past the web root /. Using Burp to crawl, then having that check performed six or seven /directories deep is just something a typical vulnerability scan will miss.
If this isn’t something you want to do, of course feel free to close this ticket as wontfix.
Cheers!
Issue Analytics
- Created 5 years ago
- Comments:5 (3 by maintainers)
Just now seeing this. Sorry I couldn’t help more, and nice work figuring it out! I took a look at the commit, and it seems sufficient. Great work, and I look forward to using it.
Hey, thanks for the research! Works well on 2.3.32 - no hits on 5638.
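
For the defender's side of the ${(111+111)} probe mentioned in the request, here is an added example (not part of the issue or the extension's code) that flags such expressions in web access logs, including ones nested several directories deep. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request target and status out of a combined-log-format line (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# OGNL evaluation delimiters: ${...} as in the probe above, plus the %{...} form.
OGNL_RE = re.compile(r'[$%]\{[^}]*\}')

# Constructed sample lines, not taken from any real system.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Aug/2018:10:01:02 +0000] "GET /index.action HTTP/1.1" 200 512',
    '203.0.113.7 - - [27/Aug/2018:10:01:05 +0000] '
    '"GET /shop/admin/reports/$%7B(111+111)%7D/list.action HTTP/1.1" 302 0',
    '203.0.113.7 - - [27/Aug/2018:10:01:09 +0000] '
    '"GET /a/b/%2524%257B(111%252B111)%257D/x.action HTTP/1.1" 404 0',
    '198.51.100.4 - - [27/Aug/2018:10:02:00 +0000] "GET /search?q=50%25+off HTTP/1.1" 200 90',
]

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so single- and double-encoded probes both surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_ognl_probes(log_lines):
    """Return (line_no, status, expression, segments_before) per suspicious request."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = decode_fully(m.group("target"))
        expr = OGNL_RE.search(target)
        if not expr:
            continue
        # Count path segments in front of the expression to show nesting depth.
        prefix = target[:expr.start()].split("?", 1)[0]
        depth = len([seg for seg in prefix.split("/") if seg])
        hits.append((line_no, int(m.group("status")), expr.group(0), depth))
    return hits

if __name__ == "__main__":
    for hit in find_ognl_probes(SAMPLE_LOG):
        print("line %d status %d expr %s depth %d" % hit)
```

A hit whose response was a redirect or whose body reflects 222 deserves a closer look than one that returned 404, since it suggests the expression was evaluated rather than rejected.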