Golfreeze.packetlove.com: Life style of Golfreeze Canon400D Family kammtan.com Jazz Freebsd Unix Linux System Admin guitar Music

All about unix linux freebsd and FAQ for Packetlove.com Web hosting , Mail hosting , VoIP + IP PBX server => All Security via cyber space relate golfreeze task. => Topic started by: golfreeze on เมษายน 19, 2017, 03:44:07 pm

Title: struts2 on framework vulnerable for upload command then run bash
Post by: golfreeze on เมษายน 19, 2017, 03:44:07 pm: https://github.com/fredondiek/struts2_rce_attack_filter
https://github.com/rapid7/metasploit-framework/issues/8064

It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user.

อาจจะโดนอยู่ใน

/var/tmp
หรือ
/usr/local/tomcat
ได้นะครับผม

Powered by SMF 2.0.11 | SMF © 2006-2009, Simple Machines LLC
SMFAds for Free Forums