Apache Struts Version 3: Tool To Exploit 3 RCE Vulnerabilities On Apache Struts
Apache Struts Version 3 is a tool to exploit 3 RCE vulnerabilities in Apache Struts. The script combines the 3 RCE vulnerabilities and can also create a server shell.
Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications.
Below is a full list of all changes:
unclosed instantiation of PrintWriter
Http Sessions forcefully created for all requests using I18nInterceptor with default Storage value.
NotSerializableException: com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector when using Executioner interceptor
ClassCastException in JarEntryRevision
Dependency Mapping Exception When Using PrefixBasedActionProxyFactory
The converter() method of com.opensymphony.xwork2.conversion.annotations.TypeConversion is now deprecated. If this method is removed in a future release, it will no longer be possible to describe a converter by the name (id) of a Spring bean.
Conversion by annotation does not work
List of Boolean is not populated in Action class
JSONResult exception in struts2-json-plugin-2.5.14.1.jar
buttons with name="method:METHODNAME" sometimes ignore global-allowed-methods defined in struts.xml
Could not create JarEntryRevision for [zip:C:/…. unknown protocol c
NPE in I18nInterceptor$SessionLocaleHandler.read
JasperReportResult: NPE When Not Using SQL Connection
support JSR 303 Validation Groups in BeanValidation-Plugin
Debug tag should not display anything when not in dev mode
Allow using of Initializable interface on an implementation level
Allowed methods inheritance
Allow use Jackson XML bindings to serialise / deserialise XML
When using a custom array as a field in a Struts 2 action, form textfield data from the JSP page is not populating into the custom array but is populating into a String array or array list