struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Spellman <jimspellma...@gmail.com>
Subject ognl exploit
Date Wed, 08 Mar 2017 22:04:56 GMT
Is there a way to turn off ognl, so to prevent this exploit?
https://github.com/rapid7/metasploit-framework/issues/8064

I found someone trying to break into my server and was able to issue
system level commands by injecting this ognl language into the content
header of a multipart form.

I'm currently using:

struts2-core-2.5.2.jar
ognl-3.1.10.jar

Any help would be appreciated.
Thanks...
Jim

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message