Nytro Posted March 14, 2019

Exploiting OGNL Injection in Apache Struts
Mar 14, 2019 • Ionut Popescu

Let’s understand how OGNL Injection works in Apache Struts. We’ll exemplify with two critical vulnerabilities in Struts: CVE-2017-5638 (Equifax breach) and CVE-2018-11776.

Apache Struts is a free, open-source framework for creating elegant, modern Java web applications. It has its share of critical vulnerabilities, with one of its features, OGNL – Object-Graph Navigation Language, being at the core of many of them. One such vulnerability (CVE-2017-5638) has facilitated the Equifax breach in 2017 that exposed personal information of more than 145 million US citizens. Despite being a company with over 3 billion dollars in annual revenue, it was hacked via a known vulnerability in the Apache Struts model-view-controller (MVC) framework.

This article offers a light introduction into Apache Struts, then it will guide you through modifying a simple application, the use of OGNL, and exploiting it. Next, it will dive into some public exploits targeting the platform and using OGNL Injection flaws to understand this class of vulnerabilities.

Even if Java developers are familiar with Apache Struts, the same is often not true in the security community. That is why we have created this blog post.

Contents

Feel free to use the menu below to skip to the section of interest.

Install Apache Tomcat server (Getting started)
Get familiar with how Java apps work on a server (Web Server Basics)
A look at a Struts app (Struts application example)
Expression Language Injection (Expression Language injection)
Understanding OGNL injection (Object-Graph Navigation Language injection)
CVE-2017-5638 root cause (CVE-2017-5638 root cause)
CVE-2018-11776 root cause (CVE-2018-11776 root cause)
Explanation of the OGNL injection payloads (Understanding OGNL injection payloads)

Full article: https://pentest-tools.com/blog/exploiting-ognl-injection-in-apache-struts/