Apache Roller OGNL Injection

This exploit is Copyright (C) 2007-2017 DSquare Security, LLC.


Description: This module exploits an OGNL injection vulnerability in Apache Roller < 5.0.2. The vulnerability is due to an OGNL injection on the UIAction controller because of an insecure usage of the ActionSupport.getText method.
Family: Remote Command Execution
Bugtraq ID: BID-63928
CVE ID: CVE-2013-4212
VULNDB ID: VULNDB-100342

Back to Exploits

Share :   Facebook   Twitter   Google+