Welcome to our

Cyber Security News Aggregator

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

First slide label

Some representative placeholder content for the first slide.

Second slide label

Some representative placeholder content for the second slide.

Third slide label

Some representative placeholder content for the third slide.

Struts "devmode": Still a problem ten years later?, (Tue, Apr 23rd)

published on 2024-04-23 12:37:56 UTC by
Content:

Like many similar frameworks and languages, Struts 2 has a "developer mode" (devmode) offering additional features to aid debugging. Error messages will be more verbose, and the devmode includes an OGNL console. OGNL, the Object-Graph Navigation Language, can interact with Java, but in the end, executing OGNL results in arbitrary code execution. This OGNL console resembles a "web shell" built into devmode.

Article: Struts "devmode": Still a problem ten years later?, (Tue, Apr 23rd) - published 7 months ago.

https://isc.sans.edu/diary/rss/30866
Published: 2024 04 23 12:37:56
Received: 2024 04 23 13:16:13
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Views: 1