Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Struts "devmode": Still a problem ten years later?, (Tue, Apr 23rd)

published on 2024-04-23 12:37:56 UTC by
Content:
Like many similar frameworks and languages, Struts 2 has a "developer mode" (devmode) offering additional features to aid debugging. Error messages will be more verbose, and the devmode includes an OGNL console. OGNL, the Object-Graph Navigation Language, can interact with Java, but in the end, executing OGNL results in arbitrary code execution. This OGNL console resembles a "web shell" built into devmode. 
Article: Struts "devmode": Still a problem ten years later?, (Tue, Apr 23rd) - published 7 months ago.

https://isc.sans.edu/diary/rss/30866   
Published: 2024 04 23 12:37:56
Received: 2024 04 23 13:16:13
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Views: 1

Custom HTML Block

Click to Open Code Editor